Removing Taboola adds from friend's computer/home page [Solved]


  • This topic is locked

#16
JEISEN

  • Topic Starter
  • Member
  • 167 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Rose (administrator) on ROSE-PC (13-01-2017 14:10:01)
Running from C:\Users\Rose\Downloads
Loaded Profiles: Rose (Available Profiles: Rose)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFCA.EXE
(© 2015 Microsoft Corporation) C:\Users\Rose\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2010-06-14] (Analog Devices, Inc.)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\...\Run: [EPSON NX410 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\...\Run: [BingSvc] => C:\Users\Rose\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2015-11-07]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v3 Genie.lnk [2016-04-11]
ShortcutTarget: NETGEAR WNDA3100v3 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE (NETGEAR)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.85.30.3 172.85.30.5
Tcpip\..\Interfaces\{2007EEF5-2412-42DC-8FDA-E5F04BAFD448}: [DhcpNameServer] 173.44.120.40 173.44.120.41
Tcpip\..\Interfaces\{5A365DA6-A0B7-4593-A2D8-97906C55A9CE}: [DhcpNameServer] 172.85.30.3 172.85.30.5

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445 [2017-01-13]
FF Homepage: Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445 -> hxxp://www.msn.com/?pfr=1
FF Extension: (Adblock Plus) - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\czz45gaq.default-1483506533445\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 WNDA3100v3; C:\Windows\System32\DRIVERS\WNDA3100v3.sys [2225808 2014-12-08] (MediaTek Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 14:07 - 2017-01-13 14:07 - 00015484 _____ C:\Users\Rose\Downloads\Fixlog.txt
2017-01-11 11:21 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 11:21 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 11:21 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 11:21 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 11:21 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 11:21 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 11:21 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 11:21 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 11:21 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 11:21 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 11:21 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 11:21 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 11:21 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 13:45 - 2017-01-13 14:06 - 00000000 ____D C:\Users\Rose\Downloads\FRST-OlderVersion
2017-01-04 10:49 - 2017-01-04 10:49 - 00000000 ____D C:\searchplugins
2017-01-04 10:49 - 2017-01-04 10:49 - 00000000 ____D C:\extensions
2017-01-04 10:48 - 2017-01-04 10:48 - 02569592 _____ (Microsoft Corporation) C:\Users\Rose\Downloads\DefaultPack(1).EXE
2017-01-04 10:47 - 2017-01-04 10:47 - 02569592 _____ (Microsoft Corporation) C:\Users\Rose\Downloads\DefaultPack.EXE
2017-01-04 10:30 - 2017-01-04 10:30 - 02519416 _____ (Microsoft Corporation) C:\Users\Rose\Downloads\MSNHomepage.EXE
2017-01-04 00:09 - 2017-01-04 00:09 - 00000000 ____D C:\Users\Rose\Desktop\Old Firefox Data
2016-12-14 10:57 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 10:57 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 10:57 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 10:56 - 2016-11-21 13:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 10:56 - 2016-11-20 11:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 10:56 - 2016-11-20 09:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 10:56 - 2016-11-17 11:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 10:56 - 2016-11-14 18:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-14 10:56 - 2016-11-14 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-14 10:56 - 2016-11-12 14:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-14 10:56 - 2016-11-12 14:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 10:56 - 2016-11-12 14:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-14 10:56 - 2016-11-12 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-14 10:56 - 2016-11-12 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-14 10:56 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-14 10:56 - 2016-11-12 14:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-14 10:56 - 2016-11-12 14:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-14 10:56 - 2016-11-12 14:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-14 10:56 - 2016-11-12 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-14 10:56 - 2016-11-12 14:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-14 10:56 - 2016-11-12 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-14 10:56 - 2016-11-12 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-14 10:56 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-14 10:56 - 2016-11-12 14:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-14 10:56 - 2016-11-12 13:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 10:56 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 10:56 - 2016-11-12 13:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-14 10:56 - 2016-11-12 13:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-14 10:56 - 2016-11-12 13:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 10:56 - 2016-11-12 13:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-14 10:56 - 2016-11-12 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-14 10:56 - 2016-11-12 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-14 10:56 - 2016-11-12 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-14 10:56 - 2016-11-12 13:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-14 10:56 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-14 10:56 - 2016-11-12 13:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-14 10:56 - 2016-11-12 13:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-14 10:56 - 2016-11-12 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-14 10:56 - 2016-11-12 13:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-14 10:56 - 2016-11-12 13:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-14 10:56 - 2016-11-12 13:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-14 10:56 - 2016-11-12 13:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-14 10:56 - 2016-11-12 13:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-14 10:56 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-14 10:56 - 2016-11-12 13:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-14 10:56 - 2016-11-12 13:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-14 10:56 - 2016-11-12 13:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-14 10:56 - 2016-11-12 13:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-14 10:56 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-14 10:56 - 2016-11-12 13:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-14 10:56 - 2016-11-12 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-14 10:56 - 2016-11-12 13:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-14 10:56 - 2016-11-12 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-14 10:56 - 2016-11-12 12:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-14 10:56 - 2016-11-12 12:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-14 10:56 - 2016-11-12 12:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-14 10:56 - 2016-11-12 12:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-14 10:56 - 2016-11-12 12:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-14 10:56 - 2016-11-12 12:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-14 10:56 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-14 10:56 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 10:56 - 2016-11-12 12:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-14 10:56 - 2016-11-12 12:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-14 10:56 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-14 10:56 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 10:56 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-14 10:56 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-14 10:56 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-14 10:56 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-14 10:56 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-14 10:56 - 2016-11-10 11:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 10:56 - 2016-11-10 11:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 10:56 - 2016-11-09 11:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-14 10:56 - 2016-11-09 11:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 10:56 - 2016-11-09 11:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 10:56 - 2016-11-09 11:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-14 10:56 - 2016-11-09 11:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-14 10:56 - 2016-11-09 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-14 10:56 - 2016-11-09 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-14 10:56 - 2016-11-09 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 10:56 - 2016-11-09 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 10:56 - 2016-11-09 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-14 10:56 - 2016-11-09 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-14 10:56 - 2016-11-09 11:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-14 10:56 - 2016-11-09 11:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-14 10:56 - 2016-11-09 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-14 10:56 - 2016-11-06 11:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 10:56 - 2016-11-06 11:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 10:56 - 2016-11-06 11:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 10:56 - 2016-10-27 10:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-14 10:56 - 2016-10-27 10:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-14 10:56 - 2016-10-11 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-14 10:56 - 2016-10-11 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-14 10:56 - 2016-10-11 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-14 10:56 - 2016-10-11 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-14 10:56 - 2016-10-11 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 10:56 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 14:11 - 2016-06-23 13:17 - 00008507 _____ C:\Users\Rose\Downloads\FRST.txt
2017-01-13 14:10 - 2016-06-23 13:16 - 00000000 ____D C:\FRST
2017-01-13 14:08 - 2016-11-18 21:01 - 00000000 ____D C:\Users\Rose\AppData\LocalLow\Mozilla
2017-01-13 14:06 - 2016-06-23 13:15 - 02419200 _____ (Farbar) C:\Users\Rose\Downloads\FRST64.exe
2017-01-13 12:34 - 2015-11-07 11:02 - 00000000 ____D C:\ProgramData\MFAData
2017-01-13 08:55 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-13 08:55 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-13 08:46 - 2016-04-11 18:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-01-13 08:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-12 18:59 - 2016-09-20 17:13 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-01-12 17:05 - 2015-07-07 13:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 17:04 - 2015-07-07 13:18 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 10:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-12 00:05 - 2015-07-07 10:06 - 00000000 ____D C:\Windows\system32\MRT
2017-01-12 00:03 - 2015-07-07 10:06 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 20:14 - 2015-07-07 13:15 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 20:14 - 2015-07-07 13:15 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 20:14 - 2015-07-07 13:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 20:14 - 2015-07-07 13:15 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 13:59 - 2016-06-23 13:18 - 00021352 _____ C:\Users\Rose\Downloads\Addition.txt
2017-01-09 15:03 - 2009-07-14 00:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-09 15:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-01-02 22:32 - 2015-11-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-12-17 10:25 - 2016-11-18 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-17 10:25 - 2015-11-07 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-17 10:25 - 2010-11-20 22:47 - 00030904 _____ C:\Windows\PFRO.log
2016-12-15 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-15 11:47 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\assembly
2016-12-15 09:25 - 2009-07-13 21:34 - 00262144 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-15 09:24 - 2009-07-13 23:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-15 09:22 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-15 09:22 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-15 09:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-15 09:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-15 00:08 - 2015-07-07 13:20 - 00773560 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

Some files in TEMP:
====================
C:\Users\Rose\AppData\Local\Temp\avguirn_081247668940.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_081486885703.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_081635537688.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_082013740879.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_082084462725.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_08238857032.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_08276474042.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_0828183126.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_08454881608.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_08574558967.exe
C:\Users\Rose\AppData\Local\Temp\avguirn_0880885172.exe
C:\Users\Rose\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Rose\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Rose\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Rose\AppData\Local\Temp\Setup.exe
C:\Users\Rose\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Rose\AppData\Local\Temp\_is3180.exe
C:\Users\Rose\AppData\Local\Temp\_isCF0.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 09:27

==================== End of FRST.txt ============================


  • 0


#17
JEISEN

    Member

  • Topic Starter
  • 167 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by Rose (13-01-2017 14:11:29)
Running from C:\Users\Rose\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-11-07 18:19:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1687921294-1965150460-3559065622-500 - Administrator - Disabled)
Guest (S-1-5-21-1687921294-1965150460-3559065622-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1687921294-1965150460-3559065622-1002 - Limited - Enabled)
Rose (S-1-5-21-1687921294-1965150460-3559065622-1000 - Administrator - Enabled) => C:\Users\Rose

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.141.7996 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7996 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Bingo Master (HKLM-x32\...\Bingo Master) (Version:  - )
Collector's Edition 251 (HKLM-x32\...\Collector's Edition 251) (Version:  - )
Cook'n for PC (HKLM-x32\...\Cook'n for PC) (Version:  - )
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX410 Series Printer Uninstall (HKLM\...\EPSON NX410 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NETGEAR WNDA3100v3 (x32 Version: 1.0.0.10 - NETGEAR) Hidden
NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{60C50FCC-545B-4D5D-B0D1-4A773143BCE7}) (Version: 1.0.0.10 - NETGEAR)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
World's Best Board Games (HKLM-x32\...\{D990DBB3-510C-4EC6-8299-CEF4CE949E69}_is1) (Version:  - cerasus.media GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07CC30AC-7C95-4FDD-9D5D-5521B43282BB} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {3A993CFA-C7D5-4DA9-AFA7-EEA65CB35F4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {699DEAA5-6457-4F78-A32B-1817E6EDF3FD} - System32\Tasks\{2FAA0E06-03D1-471D-BA17-1E3F052C92E1} => pcalua.exe -a C:\Users\Rose\Downloads\epson13422.exe -d C:\Users\Rose\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-22 09:03 - 2014-12-22 12:03 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\Ralink.dll
2012-11-21 17:26 - 2012-11-21 20:26 - 01204224 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\RaWLAPI.dll
2016-06-25 12:29 - 2009-03-12 14:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2016-06-25 12:29 - 2008-11-21 12:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2016-11-28 16:28 - 2016-11-28 16:27 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\techinline.net -> hxxps://*.techinline.net
IE trusted site: HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\...\fixme.it -> hxxps://fixme.it
IE trusted site: HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\...\techinline.net -> hxxps://*.techinline.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1687921294-1965150460-3559065622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.85.30.3 - 172.85.30.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4F1E18F5-067F-494E-BB82-FC196A691F40}E:\snapy drivers'\sdi_r167.exe] => E:\snapy drivers'\sdi_r167.exe
FirewallRules: [UDP Query User{77ED0BC5-A97D-4C49-8C3C-3106769608E0}E:\snapy drivers'\sdi_r167.exe] => E:\snapy drivers'\sdi_r167.exe
FirewallRules: [{B6FEF0F3-971E-4FB2-B157-7609D9E59D08}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F968AB03-AB6D-4D64-A7AD-F4A12587C8D4}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{246E0C6C-39A8-49BC-8EC8-EFA5967E4DE6}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{FE340FBB-36C4-49F8-A52D-E38222A4BACE}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{92FBD79C-4633-4548-845B-CD2944AC5D4E}C:\users\rose\appdata\local\dvo\cook'n10app\cook'n.exe] => C:\users\rose\appdata\local\dvo\cook'n10app\cook'n.exe
FirewallRules: [UDP Query User{0A0B5702-1B1F-4E3F-B71B-14524957413F}C:\users\rose\appdata\local\dvo\cook'n10app\cook'n.exe] => C:\users\rose\appdata\local\dvo\cook'n10app\cook'n.exe
FirewallRules: [{5F4FF82F-497D-4CAA-B618-D38A182B8666}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97150B0C-E684-4D5F-9ABE-D8B8E9A218E2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A19B2D93-C3D8-4326-8612-96793793A668}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E4025C45-A020-418E-9B7C-817564568D1F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{046AE693-5F4D-4A5A-AD1D-32C0EF85603C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{048DB2EE-7636-4734-991B-91E2C2165FD2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{1E721C11-BF87-4400-8EB3-8C3EC8BBD69F}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{B28A4B67-B5F1-4C43-8667-C241DF24F250}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{56F27ACF-F5F9-4D87-A941-046B0A6F6016}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C27FB072-6559-44D9-A28A-30FA287027C0}] => C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

22-12-2016 10:52:35 Scheduled Checkpoint
30-12-2016 10:05:41 Scheduled Checkpoint
06-01-2017 14:35:34 Scheduled Checkpoint
12-01-2017 00:01:01 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 70%
Total physical RAM: 2004.61 MB
Available physical RAM: 593.96 MB
Total Virtual: 4009.23 MB
Available Virtual: 2331.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:142.28 GB) (Free:103.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5F88294C)
Partition 1: (Active) - (Size=6.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=142.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 19,052 posts
  • MVP

Logs look pretty clean. Did you tell AdBlock Plus to NOT Allow some non-intrusive advertising?

 

Are you still seeing the taboola ads?


  • 1

#19
JEISEN

    Member

  • Topic Starter
  • 167 posts

> Logs look pretty clean. Did you tell AdBlock Plus to NOT Allow some non-intrusive advertising?
>
> Are you still seeing the taboola ads?

What Taboola ads? :cheers: Thank you VERY much!!! Yes I did uncheck it. I found it under filter preferences not in options. :thumbsup:


  • 0

#20
RKinner

    Malware Expert

  • Expert
  • 19,052 posts
  • MVP

Cleanup time:

 

 
 
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
 
DeleteQuarantine:
 
Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash is now the most malware targeted program so it must be kept up to date. Be careful with Adobe. They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan. Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting.
 
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
 
Ron

  • 1

#21
JEISEN

    Member

  • Topic Starter
  • 167 posts

Thanks for the cleanup info and the rest of the informative stuff!

No we didn't do Speccy

Yes updating Adobe is a constant thing I do for her, since she's found the games on Facebook! Yes Adobe is bothersome with their "extras". I started using Unchecky-but I still manually check that things are unchecked.  When I first started helping her she was using IE and had like five tools from different companies. Yes McAfee is useless. I've got her using AVG.

Thanks for the Adobe Reader tip. I was unaware of that one for myself as well.

Yes I've been using ABP for years.  I didn't know about the IE connection. It was deleted from her system by her ISP tech. He told her she didn't need ABP. I can't imagine why he would say that.

Thanks for SpeedyFox too. That is a constant complaint. That her connection or game play is slow. Her ISP told her the owners of the property where she lives have been told the internet lines are old/outdated (cable). But they haven't been willing to spend the money to rewire their apartments. Plus she uses a wireless router. I did do encryption on it for her. When a neighbor's kid would come to stay on weekends she noticed her signal would be less than usual.

I never got in to the file sharing thing.

Thanks again Ron! I will make my donation to Kwiaht on my next payday!


  • 0

#22
RKinner

    Malware Expert

  • Expert
  • 19,052 posts
  • MVP

Thanks for the thought but if you are living from payday to payday please do not donate.  The link is just for people who have more money than they know what to do with.

 

I have found that a lot of wireless routers do not automatically choose the best channel even tho they claim to. There is a program called inSSIDer.

Double click to install it. Then run it by right click and Run As Admin.
 
It will show you a graph in the bottom right that has your signal in blue and competing signals in orange and yellow.  It may also recommend a different channel which might have less interference.
 
Moving to a different channel (by logging on to your router) can drastically improve performance.  (There are newer versions of the program but they require a license.  This version was the last version that was free.)
 
I use Chrome all of the time and am on Facebook a lot. At the last location we had a slow connection and the ads from Facebook which ABP didn't catch were killing Facebook. I found an add-on called: QCLean which actually works. Haven't tried it on Firefox yet but expect it works on Firefox too. https://addons.mozil...x/addon/qclean/
 
It's a good idea to have two browsers installed in case one of them gets screwed up.  

  • 1

#23
JEISEN

    Member

  • Topic Starter
  • 167 posts

Thanks! Those sound really helpful. Those will keep me busy this week!

I tried Chrome a while ago. I didn't like it for some reason-I can't remember!

I should give it another try.

Very true about a second browser. I used Opera a long time ago-been a while.

Thanks for the links!


  • 0

#24
JEISEN

    Member

  • Topic Starter
  • 167 posts

Sorry for the very late reply. I'm back home for now. She is still Taboola free! I will be doing the clean up on her system on Tuesday. I just got a Win10 machine! I guess this one can be closed-Thanks!


  • 0

#25
RKinner

    Malware Expert

  • Expert
  • 19,052 posts
  • MVP

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 1
