Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojin was detected with ESET online scanner [Solved]

Started by Destiny000 , Oct 29 2016 12:33 PM

  • This topic is locked This topic is locked

#1
Destiny000
Posted 29 October 2016 - 12:33 PM

Destiny000

    Member

  • Member
  • PipPipPip
  • 130 posts

I was trying to figure out what was wrong with my grandparents laptop as it was acting funny and updates were not working, it could not search for updates, Microsoft security essentials could not update, even after restarting computer and messing with settings multiple times. So i used ESET online scanner just in case, since it had been awhile since i last checked out the laptop. It detected and eliminated what looked to be trojins. So I just wanted to make sure that there was nothing else left on the system. Updates are working better now but still wonky, sometimes installing, sometimes not, and having to make repeat attempts but at least it is finding updates now. Microsoft security essentials still 'sometimes' behaves weird and says we are not connected to a network to check for updates. 0.o

 

The laptop is Lenovo Windows 7

 

I have attached the scans. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2016
Ran by Owner (administrator) on OWNER-THINK (29-10-2016 12:01:30)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
() C:\Program Files (x86)\Opera\25.0.1614.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-06-01] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11586944 2012-06-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [297008 2014-01-28] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-02-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-14] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6422696 2016-04-14] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1085744 2012-11-21] (Lenovo)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2010-10-08] (Sierra Wireless, Inc.)
HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe [116080 2010-11-15] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2651088 2016-10-28] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-24] (Google Inc.)
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-26] (Google Inc.)
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\Run: [MusicManager] => C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\MountPoints2: {3ee56ef3-b81e-11e3-abec-681729f6404f} - D:\WIN\setup.exe
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\MountPoints2: {8cea2343-b468-11e3-bbca-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-04-03]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56863;https=127.0.0.1:56863
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DAD7AD7-6C0F-428E-853D-AA2BCF5FCEC0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {F5AB347C-1BEE-4A59-A22D-3A251828A460} URL = 
SearchScopes: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000 -> {F5AB347C-1BEE-4A59-A22D-3A251828A460} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-02] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-02] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3225172192-3160805140-2408353075-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3225172192-3160805140-2408353075-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3225172192-3160805140-2408353075-1000: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-03-25] (Intel)
FF Plugin HKU\S-1-5-21-3225172192-3160805140-2408353075-1000: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-03-25] (Intel)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2015-05-26]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-26]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-11-18]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-26]
CHR Extension: (Blur Privacy Dashboard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjidbdiahninbecbcigapoocbkfncobc [2015-05-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (PassLok privacy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcchpdljafmfegifkigklfcmkphfmbh [2015-05-26]
CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
 
Opera: 
=======
OPR Extension: (uTorrent easy client) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccobhfmlehfonhlhjjcnalkafhhcjocn [2016-08-12]
OPR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibeanghkfkghfakebjafimamcpnplmhj [2016-10-06]
OPR Extension: (Bookmarks Manager) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkgbeagkihphgjnlkclfjjjplmefndnm [2014-04-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [160048 2012-11-21] (Lenovo)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-14] (Intel Corporation)
S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [198704 2014-01-28] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-10-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [194928 2011-01-07] (Sierra Wireless, Inc.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254232 2016-10-27] (RaMMicHaeL)
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-12-02] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [88400 2015-12-06] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [80896 2012-05-21] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2015-11-02] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77416 2016-10-28] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71472 2012-11-21] (Windows ® Win 7 DDK provider)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [60928 2015-11-02] (GenesysLogic)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-12] (REALiX™)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-11-02] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-11-02] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [301784 2015-11-02] (Realtek Semiconductor Corp.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-26] ()
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbusx64.sys [106752 2010-11-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [245760 2010-11-16] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [211072 2010-11-16] (Sierra Wireless Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-04-30] (Vimicro Corporation)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-29 12:01 - 2016-10-29 12:03 - 00028081 _____ C:\Users\Owner\Desktop\FRST.txt
2016-10-29 12:01 - 2016-10-29 12:01 - 00000000 ____D C:\FRST
2016-10-29 12:00 - 2016-10-29 12:00 - 02408448 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-10-29 03:44 - 2016-09-30 01:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-29 03:44 - 2016-09-29 23:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-29 03:43 - 2016-09-30 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-29 03:43 - 2016-09-30 13:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-29 03:43 - 2016-09-30 09:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-29 03:43 - 2016-09-30 09:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-29 03:43 - 2016-09-30 09:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-29 03:43 - 2016-09-30 00:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-29 03:43 - 2016-09-30 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-29 03:43 - 2016-09-30 00:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-29 03:43 - 2016-09-30 00:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-29 03:43 - 2016-09-30 00:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-29 03:43 - 2016-09-30 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-29 03:43 - 2016-09-30 00:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-29 03:43 - 2016-09-30 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-29 03:43 - 2016-09-30 00:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-29 03:43 - 2016-09-30 00:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-29 03:43 - 2016-09-30 00:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-29 03:43 - 2016-09-30 00:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-29 03:43 - 2016-09-30 00:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-29 03:43 - 2016-09-30 00:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-29 03:43 - 2016-09-30 00:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-29 03:43 - 2016-09-30 00:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-29 03:43 - 2016-09-30 00:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-29 03:43 - 2016-09-30 00:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-29 03:43 - 2016-09-29 23:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-29 03:43 - 2016-09-29 23:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-29 03:43 - 2016-09-29 23:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-29 03:43 - 2016-09-29 23:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-29 03:43 - 2016-09-29 23:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-29 03:43 - 2016-09-29 23:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-29 03:43 - 2016-09-29 23:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-29 03:43 - 2016-09-29 23:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-29 03:43 - 2016-09-29 23:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-29 03:43 - 2016-09-29 23:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-29 03:43 - 2016-09-29 23:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-29 03:43 - 2016-09-29 23:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-29 03:43 - 2016-09-29 23:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-29 03:43 - 2016-09-29 23:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-29 03:43 - 2016-09-29 23:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-29 03:43 - 2016-09-29 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-29 03:43 - 2016-09-29 23:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-29 03:43 - 2016-09-29 23:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-29 03:43 - 2016-09-29 23:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-29 03:43 - 2016-09-29 23:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-29 03:43 - 2016-09-29 23:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-29 03:43 - 2016-09-29 23:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-29 03:43 - 2016-09-29 23:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-29 03:43 - 2016-09-29 23:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-29 03:43 - 2016-09-29 23:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-29 03:43 - 2016-09-29 23:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-29 03:43 - 2016-09-29 23:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-29 03:43 - 2016-09-29 23:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-29 03:43 - 2016-09-29 23:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-29 03:43 - 2016-09-29 23:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-29 03:43 - 2016-09-29 23:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-29 03:43 - 2016-09-29 23:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-29 03:43 - 2016-09-29 23:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-29 03:43 - 2016-09-29 23:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-29 03:43 - 2016-09-29 23:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-29 03:43 - 2016-09-29 23:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-29 03:43 - 2016-09-29 23:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-29 03:43 - 2016-09-29 23:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-29 03:43 - 2016-09-29 23:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-29 03:43 - 2016-09-29 23:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-29 03:43 - 2016-09-29 22:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-29 03:43 - 2016-09-29 22:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-29 03:43 - 2016-09-29 22:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-29 03:43 - 2016-09-29 22:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-29 03:43 - 2016-09-15 09:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-29 03:43 - 2016-09-15 09:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-29 03:43 - 2016-09-15 09:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-29 03:43 - 2016-09-15 09:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-29 03:43 - 2016-09-12 15:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-29 03:43 - 2016-09-12 15:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-29 03:43 - 2016-09-12 15:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-29 03:43 - 2016-09-12 15:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-29 03:43 - 2016-09-12 14:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-29 03:43 - 2016-09-12 14:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-29 03:43 - 2016-09-12 14:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-29 03:43 - 2016-09-12 14:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-29 03:43 - 2016-09-12 14:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-29 03:43 - 2016-09-12 14:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-29 03:43 - 2016-09-12 14:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-29 03:43 - 2016-09-12 14:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-29 03:43 - 2016-09-12 14:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-29 03:43 - 2016-09-12 13:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-29 03:43 - 2016-09-12 12:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-29 03:43 - 2016-09-12 12:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-29 03:43 - 2016-09-10 10:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-29 03:43 - 2016-09-10 09:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-29 03:43 - 2016-09-09 12:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-29 03:43 - 2016-09-09 12:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-29 03:43 - 2016-09-09 12:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 12:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-29 03:43 - 2016-09-09 12:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-29 03:43 - 2016-09-09 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-29 03:43 - 2016-09-09 12:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-29 03:43 - 2016-09-09 12:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-29 03:43 - 2016-09-09 11:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-29 03:43 - 2016-09-09 11:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-29 03:43 - 2016-09-09 11:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-29 03:43 - 2016-09-09 11:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-29 03:43 - 2016-09-09 11:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-29 03:43 - 2016-09-09 11:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-29 03:43 - 2016-09-09 11:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-29 03:43 - 2016-09-09 11:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-29 03:43 - 2016-09-09 11:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-29 03:43 - 2016-09-09 11:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-29 03:43 - 2016-09-09 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-29 03:43 - 2016-09-08 14:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-29 03:43 - 2016-09-08 14:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-29 03:43 - 2016-09-08 14:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-29 03:43 - 2016-09-08 14:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-29 03:43 - 2016-09-08 08:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-29 03:43 - 2016-09-08 08:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-29 03:43 - 2016-08-16 12:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-10-29 03:43 - 2016-08-16 12:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-29 03:43 - 2016-08-12 11:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-29 03:43 - 2016-08-12 11:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-29 03:43 - 2016-08-12 11:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-29 03:43 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-29 03:43 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-29 03:43 - 2016-08-12 10:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-29 03:43 - 2016-08-12 10:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-29 03:43 - 2016-08-12 10:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-29 03:43 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-29 03:43 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-29 03:43 - 2016-08-12 10:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-29 03:43 - 2016-08-06 09:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-29 03:43 - 2016-08-06 09:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-29 03:43 - 2016-08-06 09:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-29 03:43 - 2016-08-06 09:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-29 03:43 - 2016-08-06 09:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-29 03:43 - 2016-08-06 09:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-29 03:43 - 2016-08-06 09:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-29 03:43 - 2016-08-06 09:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-29 03:43 - 2016-08-06 09:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-29 03:43 - 2016-08-06 09:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-29 03:43 - 2016-08-06 09:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-29 03:43 - 2016-08-06 09:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-29 03:43 - 2016-08-06 09:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-29 03:43 - 2016-08-06 08:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-29 03:43 - 2016-08-06 08:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-29 03:43 - 2016-08-06 08:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-29 03:43 - 2016-06-14 11:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-29 03:43 - 2016-06-14 11:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-29 03:43 - 2016-06-14 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-29 03:43 - 2016-06-14 11:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-29 03:43 - 2016-06-14 09:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-29 03:43 - 2016-06-14 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-29 03:43 - 2016-06-14 09:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-29 03:43 - 2016-06-14 09:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-29 03:43 - 2016-06-14 09:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-29 03:43 - 2016-06-14 09:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-29 03:43 - 2016-06-14 09:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-29 03:43 - 2016-06-14 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-29 03:43 - 2016-06-14 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-29 03:35 - 2016-07-22 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-29 03:35 - 2016-07-22 08:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-28 22:21 - 2016-10-28 22:21 - 00000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
2016-10-28 22:21 - 2016-10-28 22:21 - 00000942 _____ C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
2016-10-28 22:21 - 2016-10-28 22:21 - 00000000 ____D C:\Windows\MATS
2016-10-28 22:21 - 2016-10-28 22:21 - 00000000 ____D C:\Program Files\Microsoft Fix it Center
2016-10-28 22:18 - 2016-10-28 22:18 - 00000134 _____ C:\Users\Owner\Desktop\Microsoft Fix it.url
2016-10-28 21:30 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2016-10-28 21:30 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2016-10-28 21:30 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2016-10-28 21:30 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2016-10-28 21:29 - 2016-01-11 13:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-10-28 21:28 - 2016-03-16 12:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-10-28 21:28 - 2016-03-16 12:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-10-28 21:28 - 2016-03-16 12:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-10-28 21:28 - 2016-02-02 12:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-10-28 21:28 - 2015-05-25 12:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-10-28 21:28 - 2015-05-25 12:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-10-28 21:28 - 2015-05-25 12:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2016-10-28 21:28 - 2015-05-25 12:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2016-10-28 21:28 - 2015-05-25 12:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2016-10-28 21:28 - 2015-05-25 12:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2016-10-28 21:28 - 2015-05-25 12:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2016-10-28 21:28 - 2015-05-25 12:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2016-10-28 21:28 - 2015-05-25 12:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2016-10-28 21:28 - 2015-05-25 12:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2016-10-28 21:28 - 2015-05-25 12:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2016-10-28 21:28 - 2015-05-25 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2016-10-28 21:26 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-10-28 21:26 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-10-28 21:26 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-10-28 21:26 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-10-28 21:26 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-10-28 21:26 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-10-28 21:26 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-10-28 21:26 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-10-28 21:26 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-10-28 21:26 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-10-28 21:26 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-10-28 21:26 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-10-28 21:26 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-10-28 21:26 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-10-28 21:26 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-10-28 21:26 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-10-28 21:26 - 2016-05-12 11:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-10-28 21:26 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-10-28 21:26 - 2016-05-12 09:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-10-28 21:26 - 2016-05-04 11:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-10-28 21:26 - 2016-05-04 11:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-10-28 21:26 - 2016-05-04 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-10-28 21:26 - 2016-05-04 11:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-10-28 21:26 - 2016-05-04 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-10-28 21:26 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-10-28 21:26 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-10-28 21:26 - 2016-05-04 11:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-10-28 21:26 - 2016-05-04 09:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-10-28 21:26 - 2016-05-04 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-10-28 21:26 - 2016-02-05 13:03 - 00147904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-10-28 21:26 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-10-28 21:26 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-10-28 21:26 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-10-28 21:26 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-10-28 21:26 - 2015-11-19 08:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-10-28 21:26 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-10-28 21:26 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-10-28 21:26 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-10-28 21:26 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-10-28 21:26 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-10-28 21:26 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-10-28 21:26 - 2015-01-28 21:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-10-28 21:26 - 2015-01-28 21:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2016-10-28 21:25 - 2016-07-07 09:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-10-28 21:25 - 2016-07-07 09:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-10-28 21:25 - 2016-07-07 09:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-10-28 21:25 - 2016-07-07 09:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-10-28 21:25 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-10-28 21:25 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-10-28 21:25 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-10-28 21:25 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-10-28 21:25 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-10-28 21:25 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-10-28 21:25 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-10-28 21:24 - 2015-07-22 18:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-10-28 21:24 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-10-28 21:24 - 2015-07-22 11:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-10-28 21:24 - 2015-07-22 10:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-10-28 21:23 - 2016-08-29 09:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-28 21:23 - 2016-08-29 09:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-28 21:23 - 2016-08-29 09:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-28 21:23 - 2016-08-29 09:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-28 21:23 - 2016-08-29 09:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-28 21:23 - 2016-08-29 09:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-28 21:23 - 2016-08-29 09:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-28 21:23 - 2016-08-29 08:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-28 21:23 - 2016-08-16 14:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-28 21:23 - 2016-08-16 14:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-28 21:23 - 2016-08-16 14:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-28 21:23 - 2016-08-16 14:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-28 21:23 - 2016-08-16 14:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-28 21:23 - 2016-08-16 14:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-28 21:23 - 2016-08-16 14:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-28 21:23 - 2015-04-10 21:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-10-28 21:22 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-10-28 21:22 - 2016-03-09 12:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-10-28 21:22 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-10-28 21:22 - 2016-03-09 12:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-10-28 21:22 - 2015-08-27 12:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-10-28 21:22 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-10-28 21:22 - 2015-08-27 11:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-10-28 21:22 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-10-28 20:58 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2016-10-28 20:58 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2016-10-28 11:22 - 2016-10-28 11:22 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2016-10-28 11:20 - 2016-10-28 11:21 - 00221662 _____ C:\Users\Owner\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2016-10-28 11:15 - 2016-10-28 11:16 - 00000639 _____ C:\Users\Owner\Downloads\WindowsUpdateDiagnostic.diagcab
2016-10-28 10:05 - 2016-10-28 10:05 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Owner\Downloads\esetonlinescanner_enu.exe
2016-10-27 23:08 - 2016-08-12 10:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-27 23:08 - 2016-08-12 10:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-27 23:08 - 2016-08-12 10:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-27 23:05 - 2016-08-05 09:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-27 23:05 - 2016-08-05 09:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-27 23:04 - 2016-08-16 11:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-27 23:04 - 2016-08-15 20:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-27 23:03 - 2016-08-06 09:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-10-27 23:03 - 2016-08-06 09:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-10-27 22:17 - 2016-10-27 22:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Tvsukernel
2016-10-27 22:03 - 2016-10-27 22:03 - 00002096 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2016-10-27 22:02 - 2016-10-27 22:10 - 10758584 _____ (Adobe Systems Inc.) C:\Users\Owner\Downloads\AdobeAIRInstaller.exe
2016-10-27 21:54 - 2016-10-27 21:57 - 00000000 ___HD C:\Windows\AxInstSV
2016-10-27 21:43 - 2016-10-29 11:51 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-10-27 21:40 - 2016-10-27 21:42 - 01887208 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbae-setup-1.09.1.1232.exe
2016-10-27 21:39 - 2016-10-27 22:11 - 00000000 ____D C:\ProgramData\Unchecky
2016-10-27 21:39 - 2016-10-27 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-10-27 21:39 - 2016-10-27 21:39 - 00000000 ____D C:\Program Files (x86)\Unchecky
2016-10-27 21:37 - 2016-10-27 21:37 - 01453048 _____ (RaMMicHaeL) C:\Users\Owner\Downloads\unchecky_setup.exe
2016-10-27 21:00 - 2016-09-06 01:33 - 00710144 _____ (Lenovo.) C:\Windows\system32\LPlatSvc.exe
2016-10-27 21:00 - 2016-09-06 01:33 - 00180736 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2016-10-27 21:00 - 2016-09-06 01:33 - 00082232 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2016-10-27 21:00 - 2016-09-06 01:33 - 00058368 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2016-10-27 21:00 - 2016-09-06 01:29 - 00088064 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2016-10-07 11:50 - 2016-10-07 11:50 - 00001381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-10-07 11:50 - 2016-10-07 11:50 - 00001369 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-10-07 11:50 - 2016-10-07 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-29 11:59 - 2009-07-13 22:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-29 11:59 - 2009-07-13 22:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-29 11:29 - 2014-04-02 16:35 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-29 11:29 - 2009-07-13 23:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-29 11:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-10-29 11:25 - 2014-04-03 02:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-29 11:25 - 2014-04-02 16:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-29 11:24 - 2014-04-03 02:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-29 11:23 - 2016-02-17 20:22 - 00000000 ____D C:\ProgramData\Synaptics
2016-10-29 11:23 - 2014-04-02 17:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-29 11:23 - 2014-04-02 17:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-29 11:23 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-29 11:23 - 2009-07-13 22:45 - 00420408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-29 11:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-29 11:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-29 11:05 - 2014-06-16 07:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-29 10:14 - 2014-03-25 15:48 - 00000000 ____D C:\Windows\system32\MRT
2016-10-29 10:05 - 2014-03-25 15:48 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-29 10:01 - 2014-04-02 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-29 04:23 - 2014-04-03 19:46 - 00000000 ____D C:\Users\Owner\Downloads\Program Installation Files
2016-10-29 04:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-10-28 22:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2016-10-28 22:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-10-28 22:23 - 2015-11-26 17:09 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3225172192-3160805140-2408353075-1000Core.job
2016-10-28 22:18 - 2014-04-04 10:09 - 00000000 ____D C:\AdwCleaner
2016-10-28 21:32 - 2014-03-25 17:10 - 00766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-28 21:01 - 2015-10-01 05:25 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{84BCCA97-92C5-4671-AAD2-653D7C905F29}
2016-10-28 13:25 - 2014-04-02 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-10-28 13:25 - 2014-04-02 16:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-10-28 11:23 - 2014-04-03 10:38 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-10-28 11:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-28 10:26 - 2014-12-24 09:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-28 10:25 - 2015-11-02 07:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-27 22:22 - 2014-04-03 19:59 - 00000000 ____D C:\ProgramData\ProductData
2016-10-27 22:11 - 2014-06-16 07:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-27 22:11 - 2014-04-03 02:46 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-27 22:11 - 2014-04-03 02:46 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 22:11 - 2014-04-03 02:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-27 22:11 - 2014-04-03 02:46 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-27 22:03 - 2013-10-15 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-10-27 22:03 - 2013-10-15 01:40 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-10-27 22:02 - 2014-04-02 22:32 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Adobe
2016-10-27 22:02 - 2013-10-15 01:40 - 00000000 ____D C:\Windows\Downloaded Installations
2016-10-27 22:02 - 2013-10-15 01:32 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-10-27 21:57 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-10-27 21:00 - 2013-10-15 01:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-27 19:22 - 2010-11-20 21:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-27 18:57 - 2014-04-03 02:47 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-08 03:13 - 2013-10-14 09:02 - 00000000 ____D C:\ProgramData\Lenovo
2016-10-08 03:03 - 2014-04-02 23:51 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-10-08 03:03 - 2014-04-02 23:51 - 00001945 _____ C:\Windows\epplauncher.mif
2016-10-08 03:03 - 2014-04-02 23:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-10-08 03:02 - 2014-04-02 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-10-07 11:50 - 2014-10-26 15:25 - 00002910 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Owner
2016-10-06 02:28 - 2013-10-15 01:49 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-10-06 02:27 - 2013-10-15 01:39 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
 
==================== Files in the root of some directories =======
 
2014-03-25 15:01 - 2014-04-02 16:23 - 0010163 _____ () C:\Users\Owner\AppData\Roaming\AbsoluteReminder.xml
2014-06-19 05:52 - 2014-06-19 05:52 - 0000024 _____ () C:\Users\Owner\AppData\Roaming\temp.ini
2014-04-01 15:04 - 2014-04-01 15:04 - 0000044 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2013-10-15 01:37 - 2013-10-15 01:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-15 01:44 - 2013-10-15 01:44 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2013-10-15 01:42 - 2013-10-15 01:43 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-10-15 01:43 - 2013-10-15 01:44 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2013-10-15 01:44 - 2013-10-15 01:44 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
 
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-27 18:48
 
==================== End of FRST.txt ============================

Attached Files


Edited by RKinner, 30 October 2016 - 12:43 PM.

  • 0

Advertisements

#2
dbreeze
Posted 04 November 2016 - 02:40 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi Destiny000,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.



- Save ALL Tools to your Desktop-


 


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.



Let's get started....

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Aff Packages

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.  

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 


 

 

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\MountPoints2: {3ee56ef3-b81e-11e3-abec-681729f6404f} - D:\WIN\setup.exe
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\MountPoints2: {8cea2343-b468-11e3-bbca-806e6f6e6963} - Q:\LenovoQDrive.exe
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56863;https=127.0.0.1:56863
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]
OPR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibeanghkfkghfakebjafimamcpnplmhj [2016-10-06]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-26] ()
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
C:\Windows\system32\DRIVERS\swumx20.sys
C:\Windows\System32\DRIVERS\SWDUMon.sys
2016-10-27 22:22 - 2014-04-03 19:59 - 00000000 ____D C:\ProgramData\ProductData
2013-10-15 01:37 - 2013-10-15 01:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Windows\Tasks\At1.job
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {4EE92DED-FAEB-43E7-B9C1-3A122C19D823} - System32\Tasks\At1 => C:\Windows\SysWOW64\mcbuildder.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Windows\SysWOW64\mcbuildder.ex C:\Windows\SysWOW64\AUDIOKSEE.dll
C:\Windows\SysWOW64\mcbuildder.exe
C:\Windows\SysWOW64\AUDIOKSEE.dll
AlternateDataStreams: C:\Windows:nlsPreferences [386]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
[ul]
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
AdwCleaner_v5016_zpsf8ln0fea.png

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg

On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt
[/ul]

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




Information to Reply with >>>>


  • How did the uninstall go?  Any problems?
  • The Fixlog.txt text file posted please.
  • The AdwCleaner[C#].txt log file.
  • Any questions or concerns you have.

  • 0

#3
Destiny000
Posted 04 November 2016 - 07:01 PM

Destiny000

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

The uninstall went fine, no problems.

 

Here is the fixlog followed by the adwcleaner log: 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016

Ran by Owner (04-11-2016 18:28:53) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\MountPoints2: {3ee56ef3-b81e-11e3-abec-681729f6404f} - D:\WIN\setup.exe
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\...\MountPoints2: {8cea2343-b468-11e3-bbca-806e6f6e6963} - Q:\LenovoQDrive.exe
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56863;https=127.0.0.1:56863
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]
OPR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibeanghkfkghfakebjafimamcpnplmhj [2016-10-06]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-26] ()
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
C:\Windows\system32\DRIVERS\swumx20.sys
C:\Windows\System32\DRIVERS\SWDUMon.sys
2016-10-27 22:22 - 2014-04-03 19:59 - 00000000 ____D C:\ProgramData\ProductData
2013-10-15 01:37 - 2013-10-15 01:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Windows\Tasks\At1.job
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {4EE92DED-FAEB-43E7-B9C1-3A122C19D823} - System32\Tasks\At1 => C:\Windows\SysWOW64\mcbuildder.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Windows\SysWOW64\mcbuildder.ex C:\Windows\SysWOW64\AUDIOKSEE.dll
C:\Windows\SysWOW64\mcbuildder.exe
C:\Windows\SysWOW64\AUDIOKSEE.dll
AlternateDataStreams: C:\Windows:nlsPreferences [386]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ee56ef3-b81e-11e3-abec-681729f6404f}" => key removed successfully
HKCR\CLSID\{3ee56ef3-b81e-11e3-abec-681729f6404f} => key not found. 
"HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cea2343-b468-11e3-bbca-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{8cea2343-b468-11e3-bbca-806e6f6e6963} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => moved successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg => moved successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibeanghkfkghfakebjafimamcpnplmhj => moved successfully
SWDUMon => service removed successfully
MWAC => service removed successfully
SWUMX20 => service removed successfully
"C:\Windows\system32\DRIVERS\swumx20.sys" => not found.
C:\Windows\System32\DRIVERS\SWDUMon.sys => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Windows\Tasks\At1.job => moved successfully
C:\Users\Owner\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3225172192-3160805140-2408353075-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EE92DED-FAEB-43E7-B9C1-3A122C19D823}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EE92DED-FAEB-43E7-B9C1-3A122C19D823}" => key removed successfully
C:\Windows\System32\Tasks\At1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => key removed successfully
C:\Windows\Tasks\At1.job => not found.
"C:\Windows\SysWOW64\mcbuildder.exe" => not found.
C:\Windows\SysWOW64\AUDIOKSEE.dll => moved successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {54D5F27D-4D94-40A2-B651-0A4AE18712F5}.
Unable to cancel {37E08027-3061-4092-83FB-3085F3BB1C2B}.
Unable to cancel {B3F04167-3BDC-4D9B-9FB2-A44264EFA156}.
Unable to cancel {C215A1DB-0512-4965-8640-CEC5822E53E0}.
Unable to cancel {66C129C3-CDAB-486D-A04D-580E718E75A7}.
0 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3225172192-3160805140-2408353075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102857603 B
Java, Flash, Steam htmlcache => 8585 B
Windows/system/drivers => 232363138 B
Edge => 0 B
Chrome => 765609923 B
Firefox => 0 B
Opera => 108753313 B
 
Temp, IE cache, history, cookies, recent:
Default => 1152 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 70132 B
LocalService => 0 B
NetworkService => 104635416 B
Owner => 1179872970 B
 
RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:31:35 ====
 
ADW LOG

 

# AdwCleaner v6.030 - Logfile created 04/11/2016 at 18:52:39

# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-04.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Owner - OWNER-THINK
# Running from : C:\Users\Owner\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.wajam.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ca.izito.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cars.trovit.ca
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.ca
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.wajam.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ca.izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cars.trovit.ca
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.ca
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext [DisableAddonLoadTimePerformanceNotifications]
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: amogncdhclnhneejdfggljpdgigffhfi
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: iagcpbojonfafbgbmkdplkoobcenmpll
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [6020 Bytes] - [04/11/2016 18:52:39]
C:\AdwCleaner\AdwCleaner[R0].txt - [1478 Bytes] - [04/04/2014 10:09:45]
C:\AdwCleaner\AdwCleaner[R1].txt - [1230 Bytes] - [01/06/2014 15:00:14]
C:\AdwCleaner\AdwCleaner[R2].txt - [2004 Bytes] - [26/10/2014 15:45:01]
C:\AdwCleaner\AdwCleaner[R3].txt - [1113 Bytes] - [26/10/2014 15:49:58]
C:\AdwCleaner\AdwCleaner[R4].txt - [1173 Bytes] - [26/10/2014 19:26:23]
C:\AdwCleaner\AdwCleaner[R5].txt - [1232 Bytes] - [28/10/2016 19:13:58]
C:\AdwCleaner\AdwCleaner[R6].txt - [1292 Bytes] - [28/10/2016 20:45:36]
C:\AdwCleaner\AdwCleaner[R7].txt - [1353 Bytes] - [28/10/2016 22:18:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [1365 Bytes] - [04/04/2014 10:38:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [1301 Bytes] - [01/06/2014 15:01:04]
C:\AdwCleaner\AdwCleaner[S2].txt - [2033 Bytes] - [26/10/2014 15:46:51]
C:\AdwCleaner\AdwCleaner[S3].txt - [6763 Bytes] - [04/11/2016 18:50:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6969 Bytes] ##########
 

 

Everything went smooth, again thank you very much for your time and assistance. Much appreciated. 

Edited by Destiny000, 04 November 2016 - 07:02 PM.

  • 0

#4
dbreeze
Posted 05 November 2016 - 01:39 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

How is the system running now?


  • 0

#5
Destiny000
Posted 05 November 2016 - 12:09 PM

Destiny000

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Microsoft Security Essentials is still acting strange i think, it takes forever to detect an update, then forever to download (our connection is fine) and then it sits at installing for even longer. It is similar to what it did before where it would sit forever, it did say that it finished the update though.It took around 20 minutes or longer. This seems strange as I do not remember it being this slow. 

 

 

I will edit this post in a bit after I do another restart of the computer and run windows update again, then at that time I'll let you know.

 

Edit: Microsoft explorer is acting strange. When you go to open it, it takes a while to load giving me the 'not responding' notice at the top and then crashes and closes without any kind of notice that it done so aside from it not being open anymore. Then the next multiple attempts at opening, closing it and opening repeatedly all work. 0.o

 

Windows update seems fine now although there apparently isn't any new updates to really test that against.

 

What kind of infection was it exactly? My grandfather had just paid for a subscription via credit card for malwarebytes premium prior to him complaining about updates, then me running scans, then contacting you. So could the card be jeopardized?

 

I am also running malewarebytes anti exploit on here, as well as on my own laptop. On mine, whenever i open a browser it lets me know my browser is protected by anti exploit. However on his laptop it never does this. Both are the free versions. Is this normal?


Edited by Destiny000, 05 November 2016 - 12:29 PM.

  • 0

#6
dbreeze
Posted 05 November 2016 - 01:40 PM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

To repair Microsoft Security Essentials it is best to fully uninstall it and then reinstall the application.

 

Download the uninstall tool from here and run it.  After the system is restarted at the end of the removal process (please do this manually if the tool does not do it automatically), please download a fresh copy of MSE from here and install it.

 

The system had a DNS / Browser Hijacker on it but this could have come from a drive by download or a rogue email (some of which are activated by just looking at them).

 

As to the Malwarebytes issue, it may be best to ask that at the Malwarebytes forum ( forums.malwarebytes.org ).


  • 0

#7
Destiny000
Posted 05 November 2016 - 02:39 PM

Destiny000

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Your link for the uninstall just redirects without a download to here: https://support.micr...n-us/kb/2970908

 

Also, the infection type, should i be worried about my router or if it hasn't had any lag or issues should it be fine? My grandfathers laptop was out of country with him for a while so i cannot guarantee when or where he got it.

 

Thank you for very for volunteering your time to help me. I very much appreciate it. Thank you very much!!!! Blessings!


Edited by Destiny000, 05 November 2016 - 02:50 PM.

  • 0

#8
dbreeze
Posted 05 November 2016 - 06:51 PM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Sorry about that; it appears our friends at Microsoft have pulled most of the FixIt tools.  The Uninstall from the standard Add / Remove Programs ( or Programs and Features ) section of the Control Panel should be fine to start with.


  • 0

#9
Destiny000
Posted 06 November 2016 - 11:40 AM

Destiny000

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Thank you very much for your help. ^^ Much appreciated. Things are looking good. :)


  • 0

#10
dbreeze
Posted 06 November 2016 - 11:37 PM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Let's clean the tools and I have some tips for helping to keep the system running clean.
 

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time.  You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.

  • Download Delfix from here or here
    to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • DelFixSelectall_zps0f04cec4.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)).

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
 How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!


  • 0

#11
dbreeze
Posted 21 November 2016 - 01:17 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP