Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

System hangs and other symptoms

This is a discussion on System hangs and other symptoms within the Resolved HJT Threads forums, part of the Tech Support Forum category. Here is a post (mine) from the Microsoft 7 forum: A hangup problem has developed on my Gateway Media Center


 
 
Thread Tools Search this Thread
Old 09-23-2015, 06:21 AM   #1
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



Here is a post (mine) from the Microsoft 7 forum:

A hangup problem has developed on my Gateway Media Center (Win 7) machine. It has odd characteristics.The computer boots fine, and will run any program I choose, for as long as I choose. But if I let the machine sit for 10 minutes. It locks up. The mouse continues to work but no programs will boot, including shutdown.

If I boot into Safe mode, the computer works fine, for as long as I want to use it. IOW, it does NOT hang. Makes me think it might be a driver problem, altho, contrary to popular belief, Safe mode does load a lot of drivers.

I ran ESET on it several times. First time it found 96 infected files, which it deleted. Second time, it found nothing.

My gut feeling is, it's not a virus, but rather, a driver gone bad. I'm not smart enough to figure it out for sure, which is why I'm here. Appreciate your help.

Wes
WesNathan is online now Report Post Reply With Quote Multi-Quote This Message Quick reply to this message
Old Yesterday, 12:23 PM #2
joeten
Microsoft-Team Manager
Hardware - Team Manager

joeten's Avatar

Join Date: Dec 2008
Location: Glasgow Scotland
Posts: 61,706
OS: win 7 pro/ultimate/xp vm



Re: EMET, and hangups
Hi have you tried a clean boot to troubleshoot https://support.microsoft.com/en-gb/...?wa=wsignin1.0 Please read it fully first.
__________________









Eliminate all other factors, and the one which remains must be the truth.
joeten is offline Report Post Reply With Quote Multi-Quote This Message Quick reply to this message
Old Yesterday, 07:27 PM #3
Masterchiefxx17
Microsoft MVP
Team Manager
- Articles Team
Moderator
- Hardware Team
- Microsoft Support

Masterchiefxx17's Avatar

Microsoft Most Valuable Professional

Join Date: Feb 2010
Location: Wisconsin, USA
Posts: 33,459
OS: Windows 7 64bit Professional (SP1), Windows 8.1 64bit

My System


Re: EMET, and hangups
Quote:
Originally Posted by WesNathan View Post
Two questions:


Quote:
2. A hangup problem has developed on my Gateway Media Center (Win 7) machine. It has odd characteristics.The computer boots fine, and will run any program I choose, for as long as I choose. But if I let the machine sit for 10 minutes. It locks up. The mouse continues to work but no programs will boot, including shutdown.

If I boot into Safe mode, the computer works fine, for as long as I want to use it. IOW, it does NOT hang. Makes me think it might be a driver problem, altho, contrary to popular belief, Safe mode does load a lot of drivers.

I ran ESET on it several times. First time it found 96 infected files, which it deleted. Second time, it found nothing.

My gut feeling is, it's not a virus, but rather, a driver gone bad. I'm not smart enough to figure it out for sure, which is why I'm here. Appreciate your help.

Wes
It could be that your PC still has infected files. I recommend speaking with our malware team.



There is another symptom that worries me. When I try to access one of my bank's online banking site, it get this message:

This Connection is Untrusted

You have asked Firefox to connect securely to onlinebanking.suntrust.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

onlinebanking.suntrust.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

(Error code: sec_error_unknown_issuer)


I've been using this site and the same logon info for many years, with never a problem. I can log into my other bank site without a problem.

I've been online today for several hours. The computer is running normally, with the exception of the bank login problem. I know, from recent experience, if I walk away for 10 minutes, the machine will lock up, requiring a reboot.

????
__________________
WesNathan is offline  
Sponsored Links
Advertisement
 
Old 09-24-2015, 03:00 AM   #2
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



I may have solved the banking problem. Tried it this morning and access worked normally. All I did was run a Free Registry Repair program. It found a bunch of junk, which I deleted. I've been using this program for several months. It works as intended. I run this program about once a week.
WesNathan is offline  
Old 09-24-2015, 09:16 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

Reg cleaners will, in the long run, cause more problems than they appear to fix.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Sponsored Links
Advertisement
 
Old 09-26-2015, 04:53 AM   #4
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



Things are really screwed up now. Adwcleaner won't run. The scan gets to 'browsers', then barfs with this error message: "variable must be of type 'object'. Tried to run it in safe mode, same result.

Also, for whatever reason, Last Pass refuses to function. It doesn't boot up with Firefox as it should. Downloaded a new version of the FF addon. None of the addons work in safe mode. Can't see any of them. The new version tries to install but hangs at the end (in 'normal' mode)

Even your forum looks different. Could be Safe mode. I've only got one item in this thread. I know there's lots more than that. (Just received another message from you and the link takes me to the correct thread. I guess email still works.

Fixing Last Pass is a number one priority. I don't think the problem is with LP; I think it's something involving problems on the computer. Should I re-install Firefox?

Please forward this to the anti malware forum and the EMET, and hangups thread.
WesNathan is offline  
Old 09-26-2015, 01:05 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello WesNathan. I am only trained in malware removal, therefore I can only address malware problems.

You can try re-installing FF. If AdwCleaner still won't complete, continue with the FRST instructions.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-01-2015, 04:49 AM   #6
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



Here are the FRST scan files (I think, altho I don't see a way to attach the files to this message.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Terry (administrator) on TERRY-PC (01-10-2015 07:31:09)
Running from C:\Users\Terry\Downloads
Loaded Profiles: Terry (Available Profiles: Terry & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.1\EMET_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.1\EMET_Agent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(johnsadventures.com) C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Farbar) C:\Users\Terry\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [536576 2014-12-29] (Greenshot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935768 2015-09-29] (SUPERAntiSpyware)
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\...\Run: [BackgroundSwitcher] => C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [117400 2015-05-27] (johnsadventures.com)
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-08-03] (Glarysoft Ltd)
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-02-21]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ED80F6C4-D432-453F-A510-0912A636D14F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about: blank
HKU\S-1-5-21-3051025223-178680314-3478485062-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> DefaultScope {7F96910A-6A98-4272-85BE-AB4D10BB0635} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file1202&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtBzzyDyDtByBtDyC0FtDtN0D0Tzu0SyBtBtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1122054685&ir=
SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> {7F96910A-6A98-4272-85BE-AB4D10BB0635} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file1202&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtBzzyDyDtByBtDyC0FtDtN0D0Tzu0SyBtBtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1122054685&ir=
SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> {ED9E75E7-E634-4EEB-A61D-6ABA135D9C9B} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-02-21] (LastPass)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-02-21] (LastPass)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-02-21] (LastPass)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-02-21] (LastPass)
Toolbar: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()

FireFox:
========
FF ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\pyfki9y2.default-1432038195407
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-07-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-21] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-04-05] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-07-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-21] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-04-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-3051025223-178680314-3478485062-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Terry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Extension: LastPass - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\pyfki9y2.default-1432038195407\Extensions\[email protected] [2015-07-18]
FF Extension: ReminderFox - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\pyfki9y2.default-1432038195407\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2015-05-28]
FF Extension: Adblock Plus - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\pyfki9y2.default-1432038195407\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-04-15]
FF HKU\S-1-5-21-3051025223-178680314-3478485062-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13]
CHR Extension: (Google Docs) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13]
CHR Extension: (Google Drive) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13]
CHR Extension: (YouTube) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Google Search) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (Google Sheets) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR Extension: (Gmail) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2015-06-23] (CHENGDU YIWO Tech Development Co., Ltd)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S4 PSEXESVC; C:\Windows\PSEXESVC.EXE [181064 2015-04-23] (Sysinternals)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [X]
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2015-03-30] (Glarysoft Ltd)
R3 csravrcp; C:\Windows\System32\DRIVERS\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited)
R3 CsrBthAudioHF; C:\Windows\System32\DRIVERS\CsrBthAudioHF.sys [39120 2012-03-22] (Cambridge Silicon Radio Limited)
R3 CsrBtPort; C:\Windows\System32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrhfgcc; C:\Windows\System32\DRIVERS\csrhfgcc.sys [38080 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrpan; C:\Windows\System32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrserial; C:\Windows\System32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csr_bthav; C:\Windows\System32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited)
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-08-14] (Glarysoft Ltd)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 SafDskNT; C:\Windows\system32\drivers\SAFDSKNT.SYS [76112 2009-12-07] (PC Dynamics, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-01 07:31 - 2015-10-01 07:32 - 00020686 _____ C:\Users\Terry\Downloads\FRST.txt
2015-10-01 07:29 - 2015-10-01 07:31 - 00000000 ____D C:\FRST
2015-10-01 07:28 - 2015-10-01 07:28 - 02192384 _____ (Farbar) C:\Users\Terry\Downloads\FRST64(1).exe
2015-09-30 22:27 - 2015-09-30 22:27 - 02256552 _____ (Resplendence Software Projects Sp. ) C:\Users\Terry\Downloads\whocrashedSetup.exe
2015-09-30 22:10 - 2015-09-30 22:10 - 00000000 ____D C:\Users\Terry\AppData\Local\Apple Computer
2015-09-30 22:09 - 2015-09-30 22:09 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-30 22:09 - 2015-09-30 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-30 22:07 - 2015-09-30 22:09 - 00000000 ____D C:\Program Files\iTunes
2015-09-30 22:07 - 2015-09-30 22:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-30 22:07 - 2015-09-30 22:07 - 00000000 ____D C:\Program Files\iPod
2015-09-30 22:05 - 2015-09-30 22:05 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-30 22:05 - 2015-09-30 22:05 - 00000000 ____D C:\Users\Terry\AppData\Local\Apple
2015-09-30 22:05 - 2015-09-30 22:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-30 22:04 - 2015-09-30 22:04 - 00000000 ____D C:\Program Files\Bonjour
2015-09-30 22:04 - 2015-09-30 22:04 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-30 21:58 - 2015-09-30 22:00 - 167601944 _____ (Apple Inc.) C:\Users\Terry\Downloads\iTunes6464Setup(1).exe
2015-09-30 14:23 - 2015-10-01 06:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-09-25 17:11 - 2015-09-25 17:11 - 00029094 _____ C:\Users\Terry\Documents\System hangs and other symptoms - Tech Support Forum.htm
2015-09-25 17:03 - 2015-09-25 17:03 - 01662976 _____ C:\Users\Terry\Downloads\AdwCleaner(1).exe
2015-09-25 14:08 - 2015-09-25 19:49 - 00000000 ____D C:\Falcon
2015-09-25 12:19 - 2015-09-25 19:49 - 00000000 ____D C:\Program Files\Sandboxie
2015-09-23 08:34 - 2015-06-13 10:58 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-23 08:18 - 2015-09-23 08:19 - 00243688 _____ C:\Users\Terry\Downloads\Firefox Setup Stub 41.0.exe
2015-09-22 06:06 - 2015-10-01 07:15 - 00415053 _____ C:\Windows\WindowsUpdate.log
2015-09-22 06:03 - 2015-10-01 05:56 - 00002016 _____ C:\Windows\setupact.log
2015-09-22 06:03 - 2015-09-22 06:03 - 00000000 _____ C:\Windows\setuperr.log
2015-09-22 05:57 - 2015-09-22 05:57 - 00000000 ____D C:\Users\Terry\Documents\Driver backups
2015-09-21 11:12 - 2015-09-21 11:12 - 00001090 _____ C:\Users\Terry\Desktop\mahjongg.exe - Shortcut.lnk
2015-09-19 07:17 - 2015-08-17 21:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-19 07:17 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-19 07:17 - 2015-08-15 02:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-19 07:17 - 2015-08-15 02:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-19 07:17 - 2015-08-15 02:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-19 07:17 - 2015-08-15 02:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-19 07:17 - 2015-08-15 02:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-19 07:17 - 2015-08-15 02:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-19 07:17 - 2015-08-15 02:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-19 07:17 - 2015-08-15 02:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-19 07:17 - 2015-08-15 02:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-19 07:17 - 2015-08-15 02:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-19 07:17 - 2015-08-15 02:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-19 07:17 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-19 07:17 - 2015-08-15 02:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-19 07:17 - 2015-08-15 02:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-19 07:17 - 2015-08-15 02:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-19 07:17 - 2015-08-15 02:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-19 07:17 - 2015-08-15 02:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-19 07:17 - 2015-08-15 02:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-19 07:17 - 2015-08-15 01:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-19 07:17 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-19 07:17 - 2015-08-15 01:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-19 07:17 - 2015-08-15 01:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-19 07:17 - 2015-08-15 01:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-19 07:17 - 2015-08-15 01:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-19 07:17 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-19 07:17 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-19 07:17 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-19 07:17 - 2015-08-15 01:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-19 07:17 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-19 07:17 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-19 07:17 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-19 07:17 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-19 07:17 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-19 07:17 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-19 07:17 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-19 07:17 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-19 07:17 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-19 07:17 - 2015-08-15 01:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-19 07:17 - 2015-08-15 01:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-19 07:17 - 2015-08-15 01:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-19 07:17 - 2015-08-15 01:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-19 07:17 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-19 07:17 - 2015-08-15 01:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-19 07:17 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-19 07:17 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-19 07:17 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-19 07:17 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-19 07:17 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-19 07:17 - 2015-08-15 01:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-19 07:17 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-19 07:17 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-19 07:17 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-19 07:17 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-19 07:17 - 2015-08-15 00:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-19 07:17 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-19 07:17 - 2015-08-15 00:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-19 07:17 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-19 07:17 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-19 07:16 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-19 07:16 - 2015-08-05 13:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-19 07:16 - 2015-08-05 13:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-19 07:16 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-19 07:15 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-19 07:15 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-19 07:13 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-19 07:13 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-19 07:13 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-19 07:13 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-19 07:13 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-19 07:13 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-19 07:12 - 2015-07-22 20:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-19 07:12 - 2015-07-22 20:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-19 07:12 - 2015-07-22 20:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-19 07:12 - 2015-07-22 20:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-19 07:12 - 2015-07-22 20:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-19 07:12 - 2015-07-22 20:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-19 07:12 - 2015-07-22 20:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-19 07:12 - 2015-07-22 20:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-19 07:12 - 2015-07-22 20:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-19 07:12 - 2015-07-22 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-19 07:12 - 2015-07-22 20:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-19 07:12 - 2015-07-22 20:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-19 07:12 - 2015-07-22 20:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-19 07:12 - 2015-07-22 20:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-19 07:12 - 2015-07-22 19:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-19 07:12 - 2015-07-22 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 19:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-19 07:12 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-19 07:12 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-19 07:12 - 2015-07-22 13:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-19 07:12 - 2015-07-22 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-19 07:12 - 2015-07-22 13:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-19 07:12 - 2015-07-22 13:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-19 07:12 - 2015-07-22 13:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-19 07:12 - 2015-07-22 13:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-19 07:12 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-19 07:12 - 2015-07-22 13:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-19 07:12 - 2015-07-22 13:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-19 07:12 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-19 07:12 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 12:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-19 07:12 - 2015-07-22 12:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-19 07:12 - 2015-07-22 12:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-19 07:12 - 2015-07-22 12:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-19 07:12 - 2015-07-22 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-19 07:12 - 2015-07-22 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-19 07:12 - 2015-07-22 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-19 07:09 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-19 07:09 - 2015-06-25 06:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-19 07:09 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-19 07:09 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-19 07:07 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-19 07:07 - 2015-08-27 14:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-19 07:07 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-19 07:07 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-19 07:07 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-19 07:07 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-19 07:07 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-19 07:07 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-19 07:06 - 2015-08-04 14:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-19 07:06 - 2015-08-04 14:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-19 07:06 - 2015-08-04 13:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-19 07:06 - 2015-08-04 13:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-19 07:06 - 2015-08-04 13:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-19 07:06 - 2015-08-04 13:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-19 07:06 - 2015-08-04 13:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-19 07:06 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-19 07:06 - 2015-08-04 12:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-19 06:38 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-19 06:38 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-19 06:38 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-19 06:38 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-19 06:38 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-19 06:38 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-19 06:38 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-19 06:38 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-19 06:38 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-19 06:38 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-19 06:38 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-19 06:38 - 2015-08-26 14:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-19 06:38 - 2015-08-26 14:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-19 06:38 - 2015-08-26 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-19 06:38 - 2015-08-26 14:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-19 06:38 - 2015-08-26 14:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-19 06:38 - 2015-08-26 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-19 06:38 - 2015-08-26 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-19 06:38 - 2015-08-26 14:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-19 06:38 - 2015-08-26 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-19 06:38 - 2015-08-26 14:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-19 06:38 - 2015-08-26 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-19 06:38 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-19 06:38 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-19 06:38 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-19 06:38 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-19 06:38 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-19 06:01 - 2015-09-19 06:01 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-19 06:00 - 2015-09-19 06:01 - 02870984 _____ (ESET) C:\Users\Terry\Downloads\esetsmartinstaller_enu(1).exe
2015-09-18 23:44 - 2015-09-18 23:44 - 00000000 ____D C:\Users\Terry\AppData\Roaming\ESET
2015-09-18 23:44 - 2015-09-18 23:44 - 00000000 ____D C:\Users\Terry\AppData\Local\ESET
2015-09-18 23:40 - 2015-09-18 23:40 - 00000000 ____D C:\ProgramData\ESET
2015-09-18 23:40 - 2015-09-18 23:40 - 00000000 ____D C:\Program Files\ESET
2015-09-18 13:09 - 2015-09-18 13:09 - 00006576 ____N C:\bootsqm.dat
2015-09-14 08:51 - 2015-09-19 05:46 - 00000000 ____D C:\Users\Terry\Desktop\New Briefcase
2015-09-04 09:18 - 2015-09-04 09:18 - 00012651 _____ C:\Users\Terry\Documents\7 Signs You're On Your Way To A Sexless Marriage.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-01 07:07 - 2015-02-07 16:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-01 07:06 - 2014-01-15 20:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-01 06:11 - 2015-08-28 08:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-01 06:07 - 2009-07-14 00:45 - 00022576 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 06:07 - 2009-07-14 00:45 - 00022576 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-01 06:05 - 2014-05-30 15:45 - 00000000 ____D C:\Diabetes
2015-10-01 05:56 - 2014-09-17 11:03 - 00000000 ____D C:\ProgramData\VMware
2015-10-01 05:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 22:11 - 2013-10-30 21:42 - 00000000 ____D C:\Users\Terry\AppData\Roaming\Apple Computer
2015-09-30 22:07 - 2015-01-30 12:31 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-30 22:07 - 2013-10-30 21:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-30 22:02 - 2013-10-30 21:34 - 00000000 ____D C:\ProgramData\Apple
2015-09-30 21:25 - 2015-02-19 07:57 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task aaeee35a-98d3-4787-8f93-349d3b7710b5.job
2015-09-30 16:00 - 2015-06-21 11:43 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ed842035-498c-4d4e-9fdd-bbcacf664f8e.job
2015-09-29 16:30 - 2009-07-14 01:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-29 16:29 - 2013-04-20 09:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-27 06:25 - 2014-10-02 17:24 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-26 07:21 - 2014-12-15 16:43 - 00000000 ____D C:\AdwCleaner
2015-09-25 19:49 - 2015-07-12 21:09 - 00000000 ____D C:\Users\Terry\AppData\Roaming\Greenshot
2015-09-25 19:49 - 2013-05-07 21:32 - 00000000 ____D C:\Users\DefaultAppPool
2015-09-25 19:49 - 2013-04-06 15:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-25 19:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-09-25 17:52 - 2013-10-20 15:35 - 00000000 ____D C:\Program Files\7-Zip
2015-09-25 15:52 - 2013-04-03 16:45 - 00000000 ____D C:\Users\Terry
2015-09-22 10:00 - 2014-09-17 17:59 - 00000000 ____D C:\Users\Terry\AppData\Roaming\VMware
2015-09-22 10:00 - 2014-09-17 17:59 - 00000000 ____D C:\Users\Terry\AppData\Local\VMware
2015-09-22 06:00 - 2014-02-13 22:28 - 00000000 ____D C:\Users\Terry\AppData\Roaming\GlarySoft
2015-09-20 16:27 - 2014-08-18 11:54 - 00000000 ____D C:\Users\Terry\Documents\NBSC Computer Programs and Files
2015-09-20 16:26 - 2014-02-12 12:37 - 00000000 ____D C:\Users\Terry\AppData\Roaming\rmi
2015-09-20 16:25 - 2015-03-30 07:49 - 00000000 ____D C:\USB Files - Folders
2015-09-19 12:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-19 10:31 - 2009-07-14 01:13 - 00865768 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-19 10:26 - 2009-07-14 00:45 - 00495696 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-19 10:20 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-19 10:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-19 07:02 - 2015-02-07 16:09 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-19 07:02 - 2014-01-15 20:42 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-19 05:46 - 2014-11-05 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-09-19 05:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-19 05:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2015-09-19 05:46 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-09 09:34 - 2013-08-14 22:53 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2015-07-15 16:13 - 2015-07-15 16:13 - 6420480 _____ () C:\Program Files (x86)\GUT34D6.tmp
2015-07-17 08:12 - 2015-07-17 08:12 - 6420480 _____ () C:\Program Files (x86)\GUTD163.tmp
2013-05-11 06:04 - 2015-02-21 10:25 - 14190648 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-04-21 16:13 - 2014-04-21 16:13 - 0000288 _____ () C:\Users\Terry\AppData\Roaming\.backup.dm
2013-11-04 13:29 - 2013-11-04 13:29 - 0000040 _____ () C:\Users\Terry\AppData\Roaming\burnaware.ini
2015-01-28 19:35 - 2015-08-17 18:56 - 0000040 _____ () C:\Users\Terry\AppData\Roaming\cdr.ini
2013-07-27 07:02 - 2013-12-23 14:29 - 0000070 _____ () C:\Users\Terry\AppData\Roaming\WB.CFG
2013-06-17 22:02 - 2013-06-23 07:02 - 0000005 _____ () C:\Users\Terry\AppData\Roaming\WBPU-TTL.DAT
2014-06-12 14:03 - 2014-12-26 08:23 - 0009216 _____ () C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-15 08:47 - 2013-09-15 08:47 - 0000001 _____ () C:\Users\Terry\AppData\Local\llftool.4.30.agreement
2013-07-20 23:11 - 2013-07-20 23:11 - 0001545 _____ () C:\Users\Terry\AppData\Local\recently-used.xbel
2013-08-13 09:10 - 2015-07-21 08:57 - 0007618 _____ () C:\Users\Terry\AppData\Local\Resmon.ResmonCfg
2015-05-04 15:05 - 2015-07-06 13:07 - 0000021 _____ () C:\Users\Terry\AppData\Local\UACBrResultRetrieving.dat
2015-07-24 10:28 - 2015-08-17 19:00 - 0001534 _____ () C:\ProgramData\ss.ini

Files to move or delete:
====================
C:\Users\Terry\backup_backup_files_2013-09-15_130441.bat
C:\Users\Terry\microsoft.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-21 08:55

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (46.5 KB, 20 views)
File Type: txt FRST.txt (58.4 KB, 19 views)
WesNathan is offline  
Old 10-01-2015, 09:52 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, WesNathan.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {13EAF546-EE64-40AD-BAFE-5ECA9A255952} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    C:\Program Files (x86)\IObit
    Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> No File <==== ATTENTION
    Task: {7C720F62-7EA5-43D2-9C68-E5A6A7D39E4B} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
    Task: {B3F24F2B-398E-4FCA-810A-EE460BF3A324} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION
    Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
    Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> No File <==== ATTENTION
    FirewallRules: [{8C63939B-4416-43C9-80EB-2856189E885B}] => (Allow) C:\Users\Terry\AppData\Local\Temp\nsjDD45.tmp\Installer-76276273.exe
    FirewallRules: [{595A285F-BE65-4345-8269-60ED394D9071}] => (Allow) C:\Users\Terry\AppData\Local\Temp\nsjDD45.tmp\Installer-76276273.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3051025223-178680314-3478485062-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> DefaultScope {7F96910A-6A98-4272-85BE-AB4D10BB0635} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file1202&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtBzzyDyDtByBtDyC0FtDtN0D0Tzu0SyBtBtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1122054685&ir=
    SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> {7F96910A-6A98-4272-85BE-AB4D10BB0635} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file1202&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtBzzyDyDtByBtDyC0FtDtN0D0Tzu0SyBtBtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1122054685&ir=
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
    S3 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [X]
    C:\PROGRAM FILES (X86)\FOXIT SOFTWARE
    S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    C:\Users\Terry\backup_backup_files_2013-09-15_130441.bat
    C:\Users\Terry\microsoft.dat
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrayApplication" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-01-2015, 09:53 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, WesNathan.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {13EAF546-EE64-40AD-BAFE-5ECA9A255952} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    C:\Program Files (x86)\IObit
    Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> No File <==== ATTENTION
    Task: {7C720F62-7EA5-43D2-9C68-E5A6A7D39E4B} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
    Task: {B3F24F2B-398E-4FCA-810A-EE460BF3A324} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION
    Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
    Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> No File <==== ATTENTION
    FirewallRules: [{8C63939B-4416-43C9-80EB-2856189E885B}] => (Allow) C:\Users\Terry\AppData\Local\Temp\nsjDD45.tmp\Installer-76276273.exe
    FirewallRules: [{595A285F-BE65-4345-8269-60ED394D9071}] => (Allow) C:\Users\Terry\AppData\Local\Temp\nsjDD45.tmp\Installer-76276273.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3051025223-178680314-3478485062-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> DefaultScope {7F96910A-6A98-4272-85BE-AB4D10BB0635} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file1202&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtBzzyDyDtByBtDyC0FtDtN0D0Tzu0SyBtBtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1122054685&ir=
    SearchScopes: HKU\S-1-5-21-3051025223-178680314-3478485062-1000 -> {7F96910A-6A98-4272-85BE-AB4D10BB0635} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file1202&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtBzzyDyDtByBtDyC0FtDtN0D0Tzu0SyBtBtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1122054685&ir=
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
    S3 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [X]
    C:\PROGRAM FILES (X86)\FOXIT SOFTWARE
    S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    C:\Users\Terry\backup_backup_files_2013-09-15_130441.bat
    C:\Users\Terry\microsoft.dat
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrayApplication" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-03-2015, 05:49 AM   #9
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



Things are starting to work again. LastPass is back. The hangup problem has apparently gone away. I can now walk away from the computer for 2 or 3 hours, come back and everything works. Guess we can attribute this to Farbar. How long all this is going to last I don't know. Appreciate your help.
Wes
WesNathan is offline  
Old 10-03-2015, 01:17 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Wes. You're very welcome. Glad to hear it. Hopefully everything will last indefinitely.

Are you able to follow the previous AdwCleaner instructions now?

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-04-2015, 04:21 AM   #11
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



"Are you able to follow the previous AdwCleaner instructions now? "

Nope. Still get the same error message.
WesNathan is offline  
Old 10-04-2015, 06:34 AM   #12
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



Attached is the combofix scan. It deleted, I don't know, maybe 2000 files, and two folders.

One residual problem: My desktop icons are hidden. The links are there. I can see them in Windows Explorer. But, thus far they are not visible. And, yes, the 'show desktop icons' is turned on.
Attached Files
File Type: txt ComboFix.txt (422.0 KB, 23 views)
WesNathan is offline  
Old 10-04-2015, 08:26 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Wes. You're very welcome. Have you rebooted since the icons were hidden?

None of our tools have touched your icons.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-05-2015, 04:21 AM   #14
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



A reboot fixed the icon problem. Thanks.
WesNathan is offline  
Old 10-05-2015, 01:20 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Wes. You're very welcome.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java(TM) 7 Update 45

These are all outdated, and security risks by having them installed still. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-09-2015, 10:55 AM   #16
Registered Member
 
Join Date: Mar 2009
Posts: 61
OS: Win XP Pro



ESET found no threats.
WesNathan is offline  
Old 10-09-2015, 02:12 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Wes. If there are no other problems...

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Security Essentials before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-17-2015, 09:02 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 07:57 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts