Jump to content

elharris6_9

Members
  • Posts

    18
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you so much! Once I'm getting a paycheck again, I'll definitely make a donation. This forum is always so helpful. Take care!
  2. We might as well do it, whenever you're ready. I'd hate to take up too much more of your time.
  3. Awesome! Thank you! And, my system still seems to be working pretty well.
  4. Okay, will do. Hey, I wanted to ask you something. A couple of people have recommended that I download some sort of adblocker for Chrome. Would that be something I should look into, to avoid this sort of thing later on, or is it not a safe download?
  5. I can't find the post log, but it did say the threats were dealt with And, my web pages don't seem to be automatically skipping to ads, so, I think it's better.
  6. Looks like the name change did the trick! Here's the Fixlog Fix result of Farbar Recovery Scan Tool (x64) Version: 03-11-2016 Ran by Tryjoniche (04-11-2016 03:56:20) Run:1 Running from C:\Users\Tryjoniche\Desktop Loaded Profiles: Tryjoniche (Available Profiles: Tryjoniche) Boot Mode: Normal ============================================== fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: C:\Users\Tryjoniche\AppData\Roaming\Microsoft\E582.tmp C:\Users\Tryjoniche\AppData\Local\Temp\jre-8u101-windows-au.exe CMD: ipconfig /flushdns EmptyTemp: end ***************** Restore point was successfully created. Processes closed successfully. C:\Users\Tryjoniche\AppData\Roaming\Microsoft\E582.tmp => moved successfully "C:\Users\Tryjoniche\AppData\Local\Temp\jre-8u101-windows-au.exe" => not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4600694 B Java, Flash, Steam htmlcache => 595 B Windows/system/drivers => 2165460380 B Edge => 0 B Chrome => 49116894 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 33058 B Public => 0 B ProgramData => 0 B systemprofile => 42337004 B systemprofile32 => 89848 B LocalService => 132244 B NetworkService => 8771332 B Tryjoniche => 10029037 B RecycleBin => 0 B EmptyTemp: => 2.1 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 03:56:56 ====
  7. Okay. Let me download it again and try that In the meantime, here are the logs for the other scans. The log for Sophos is pre-cleanup, so, I don't know if you wanted the post-cleanup log, as well. # AdwCleaner v6.030 - Logfile created 04/11/2016 at 01:49:30 # Updated on 19/10/2016 by Malwarebytes # Database : 2016-11-04.1 [Server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Tryjoniche - ZHOLTZ # Running from : C:\Users\Tryjoniche\Downloads\AdwCleaner.exe # Mode: Clean # Support : hxxps://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}] [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-802337065-3261608455-526446052-1000\Software\SweetIM [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-802337065-3261608455-526446052-1000\Software\SweetIM [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9 ***** [ Web browsers ] ***** [-] [C:\Users\Tryjoniche\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com [-] [C:\Users\Tryjoniche\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [6840 Bytes] - [04/11/2016 01:49:30] C:\AdwCleaner\AdwCleaner[S0].txt - [6791 Bytes] - [04/11/2016 01:46:14] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6986 Bytes] ########## ============================================== 2016-11-04 09:04:34.680 Sophos Virus Removal Tool version 2.5.6 2016-11-04 09:04:34.680 Copyright (c) 2009-2016 Sophos Limited. All rights reserved. 2016-11-04 09:04:34.680 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2016-11-04 09:04:34.680 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 2016-11-04 09:04:34.680 Checking for updates... 2016-11-04 09:04:35.055 Update progress: proxy server not available 2016-11-04 09:04:46.240 Option all = no 2016-11-04 09:04:46.240 Option recurse = yes 2016-11-04 09:04:46.240 Option archive = no 2016-11-04 09:04:46.240 Option service = yes 2016-11-04 09:04:46.240 Option confirm = yes 2016-11-04 09:04:46.240 Option sxl = yes 2016-11-04 09:04:46.256 Option max-data-age = 35 2016-11-04 09:04:46.256 Option vdl-logging = yes 2016-11-04 09:04:46.256 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2016-11-04 09:04:46.256 Machine ID: b66925af24354177aab4833e1724a91b 2016-11-04 09:04:46.256 Component SVRTcli.exe version 2.5.6 2016-11-04 09:04:46.256 Component control.dll version 2.5.6 2016-11-04 09:04:46.256 Component SVRTservice.exe version 2.5.6 2016-11-04 09:04:46.256 Component engine\osdp.dll version 1.44.1.2270 2016-11-04 09:04:46.256 Component engine\veex.dll version 3.67.0.2270 2016-11-04 09:04:46.256 Component engine\savi.dll version 9.0.5.2270 2016-11-04 09:04:46.256 Component rkdisk.dll version 1.5.31.1 2016-11-04 09:04:46.256 Version info: Product version 2.5.6 2016-11-04 09:04:46.256 Version info: Detection engine 3.67.0 2016-11-04 09:04:46.256 Version info: Detection data 5.32 2016-11-04 09:04:46.256 Version info: Build date 10/4/2016 2016-11-04 09:04:46.256 Version info: Data files added 294 2016-11-04 09:04:46.256 Version info: Last successful update (not yet updated) 2016-11-04 09:04:55.413 Downloading updates... 2016-11-04 09:04:55.413 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1 2016-11-04 09:04:55.413 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-11-04 09:04:55.413 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-11-04 09:04:55.413 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=] 2016-11-04 09:04:55.413 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I49502] sdds.data0910.xml: found supplement IDE533 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=] 2016-11-04 09:04:55.413 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE533 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE533 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I49502] sdds.data0910.xml: found supplement IDE534 LATEST path= baseVersion= [included from product IDE533 LATEST path=] 2016-11-04 09:04:55.413 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE534 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE534 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I49502] sdds.data0910.xml: found supplement IDE535 LATEST path= baseVersion= [included from product IDE534 LATEST path=] 2016-11-04 09:04:55.413 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE535 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE535 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product IDE535 LATEST path=] 2016-11-04 09:04:55.413 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path= 2016-11-04 09:04:55.413 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-11-04 09:04:55.662 Update progress: [I19463] Syncing product SAVIW32 LATEST path= 2016-11-04 09:04:55.662 Update progress: [I19463] Product download size 151003858 bytes 2016-11-04 09:05:02.526 Update progress: [I19463] Syncing product IDE533 LATEST path= 2016-11-04 09:05:02.526 Update progress: [I19463] Product download size 2192549 bytes 2016-11-04 09:05:04.102 Update progress: [I19463] Syncing product IDE534 LATEST path= 2016-11-04 09:05:04.102 Update progress: [I19463] Product download size 2006903 bytes 2016-11-04 09:05:05.381 Update progress: [I19463] Syncing product IDE535 LATEST path= 2016-11-04 09:05:05.381 Update progress: [I19463] Product download size 65959 bytes 2016-11-04 09:05:05.412 Update progress: [I19463] Syncing product IDE536 LATEST path= 2016-11-04 09:05:05.849 Installing updates... 2016-11-04 09:05:06.660 Error level 1 2016-11-04 09:05:46.331 Update successful 2016-11-04 09:06:00.730 Option all = no 2016-11-04 09:06:00.730 Option recurse = yes 2016-11-04 09:06:00.730 Option archive = no 2016-11-04 09:06:00.730 Option service = yes 2016-11-04 09:06:00.730 Option confirm = yes 2016-11-04 09:06:00.730 Option sxl = yes 2016-11-04 09:06:00.730 Option max-data-age = 35 2016-11-04 09:06:00.730 Option vdl-logging = yes 2016-11-04 09:06:00.761 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2016-11-04 09:06:00.761 Machine ID: b66925af24354177aab4833e1724a91b 2016-11-04 09:06:00.761 Component SVRTcli.exe version 2.5.6 2016-11-04 09:06:00.761 Component control.dll version 2.5.6 2016-11-04 09:06:00.761 Component SVRTservice.exe version 2.5.6 2016-11-04 09:06:00.761 Component engine\osdp.dll version 1.44.1.2270 2016-11-04 09:06:00.761 Component engine\veex.dll version 3.67.0.2270 2016-11-04 09:06:00.761 Component engine\savi.dll version 9.0.5.2270 2016-11-04 09:06:00.761 Component rkdisk.dll version 1.5.31.1 2016-11-04 09:06:00.761 Version info: Product version 2.5.6 2016-11-04 09:06:00.761 Version info: Detection engine 3.67.0 2016-11-04 09:06:00.761 Version info: Detection data 5.32 2016-11-04 09:06:00.761 Version info: Build date 10/4/2016 2016-11-04 09:06:00.761 Version info: Data files added 294 2016-11-04 09:06:00.761 Version info: Last successful update 11/4/2016 2:05:46 AM 2016-11-04 09:06:18.218 Error level 1 2016-11-04 09:06:18.218 Scan completed. 2016-11-04 09:06:18.218 ------------------------------------------------------------ 2016-11-04 09:06:38.739 Sophos Virus Removal Tool version 2.5.6 2016-11-04 09:06:38.739 Copyright (c) 2009-2016 Sophos Limited. All rights reserved. 2016-11-04 09:06:38.739 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2016-11-04 09:06:38.739 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 2016-11-04 09:06:38.739 Checking for updates... 2016-11-04 09:06:39.020 Update progress: proxy server not available 2016-11-04 09:06:41.453 Downloading updates... 2016-11-04 09:06:41.453 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1 2016-11-04 09:06:41.453 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-11-04 09:06:41.453 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-11-04 09:06:41.453 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=] 2016-11-04 09:06:41.453 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I49502] sdds.data0910.xml: found supplement IDE533 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=] 2016-11-04 09:06:41.453 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE533 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE533 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I49502] sdds.data0910.xml: found supplement IDE534 LATEST path= baseVersion= [included from product IDE533 LATEST path=] 2016-11-04 09:06:41.453 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE534 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE534 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I49502] sdds.data0910.xml: found supplement IDE535 LATEST path= baseVersion= [included from product IDE534 LATEST path=] 2016-11-04 09:06:41.453 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE535 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE535 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product IDE535 LATEST path=] 2016-11-04 09:06:41.453 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path= 2016-11-04 09:06:41.453 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2016-11-04 09:06:41.485 Update progress: [I19463] Syncing product SAVIW32 LATEST path= 2016-11-04 09:06:41.500 Update progress: [I19463] Syncing product IDE533 LATEST path= 2016-11-04 09:06:41.516 Update progress: [I19463] Syncing product IDE534 LATEST path= 2016-11-04 09:06:41.531 Update progress: [I19463] Syncing product IDE535 LATEST path= 2016-11-04 09:06:41.531 Update progress: [I19463] Syncing product IDE536 LATEST path= 2016-11-04 09:06:41.609 Installing updates... 2016-11-04 09:06:50.236 Option all = no 2016-11-04 09:06:51.047 Option recurse = yes 2016-11-04 09:06:51.047 Option archive = no 2016-11-04 09:06:51.047 Option service = yes 2016-11-04 09:06:51.047 Option confirm = yes 2016-11-04 09:06:51.047 Option sxl = yes 2016-11-04 09:06:51.047 Option max-data-age = 35 2016-11-04 09:06:51.047 Option vdl-logging = yes 2016-11-04 09:06:51.047 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2016-11-04 09:06:51.047 Machine ID: b66925af24354177aab4833e1724a91b 2016-11-04 09:06:51.047 Component SVRTcli.exe version 2.5.6 2016-11-04 09:06:51.047 Component control.dll version 2.5.6 2016-11-04 09:06:51.047 Component SVRTservice.exe version 2.5.6 2016-11-04 09:06:51.047 Component engine\osdp.dll version 1.44.1.2270 2016-11-04 09:06:51.047 Component engine\veex.dll version 3.67.0.2270 2016-11-04 09:06:51.047 Component engine\savi.dll version 9.0.5.2270 2016-11-04 09:06:51.047 Component rkdisk.dll version 1.5.31.1 2016-11-04 09:06:51.047 Version info: Product version 2.5.6 2016-11-04 09:06:51.047 Version info: Detection engine 3.67.0 2016-11-04 09:06:51.047 Version info: Detection data 5.32 2016-11-04 09:06:51.047 Version info: Build date 10/4/2016 2016-11-04 09:06:51.047 Version info: Data files added 294 2016-11-04 09:06:51.047 Version info: Last successful update 11/4/2016 2:05:46 AM 2016-11-04 09:06:51.047 Error level 1 2016-11-04 09:06:51.359 Update successful 2016-11-04 09:07:02.576 Option all = no 2016-11-04 09:07:02.576 Option recurse = yes 2016-11-04 09:07:02.576 Option archive = no 2016-11-04 09:07:02.576 Option service = yes 2016-11-04 09:07:02.576 Option confirm = yes 2016-11-04 09:07:02.576 Option sxl = yes 2016-11-04 09:07:02.591 Option max-data-age = 35 2016-11-04 09:07:02.591 Option vdl-logging = yes 2016-11-04 09:07:02.591 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2016-11-04 09:07:02.591 Machine ID: b66925af24354177aab4833e1724a91b 2016-11-04 09:07:02.591 Component SVRTcli.exe version 2.5.6 2016-11-04 09:07:02.591 Component control.dll version 2.5.6 2016-11-04 09:07:02.591 Component SVRTservice.exe version 2.5.6 2016-11-04 09:07:02.591 Component engine\osdp.dll version 1.44.1.2270 2016-11-04 09:07:02.591 Component engine\veex.dll version 3.67.0.2270 2016-11-04 09:07:02.591 Component engine\savi.dll version 9.0.5.2270 2016-11-04 09:07:02.591 Component rkdisk.dll version 1.5.31.1 2016-11-04 09:07:02.591 Version info: Product version 2.5.6 2016-11-04 09:07:02.607 Version info: Detection engine 3.67.0 2016-11-04 09:07:02.607 Version info: Detection data 5.32 2016-11-04 09:07:02.607 Version info: Build date 10/4/2016 2016-11-04 09:07:02.607 Version info: Data files added 294 2016-11-04 09:07:02.607 Version info: Last successful update 11/4/2016 2:06:51 AM 2016-11-04 09:51:26.668 Could not open C:\hiberfil.sys 2016-11-04 09:51:34.031 Could not open C:\pagefile.sys 2016-11-04 09:58:31.176 >>> Virus 'Mal/FakeAvCn-B' found in file C:\ProgramData\oJjBbOo08200\oJjBbOo08200 2016-11-04 09:59:00.754 Could not open C:\System Volume Information\{0aa61276-9089-11e6-9c29-002564e8f65b}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-11-04 09:59:00.754 Could not open C:\System Volume Information\{0aa6144d-9089-11e6-9c29-002564e8f65b}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-11-04 09:59:00.754 Could not open C:\System Volume Information\{0aa61660-9089-11e6-9c29-002564e8f65b}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-11-04 09:59:00.754 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-11-04 09:59:00.754 Could not open C:\System Volume Information\{c19bdb70-a26b-11e6-bba6-002564e8f65b}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-11-04 09:59:00.754 Could not open C:\System Volume Information\{d9cbeeda-a1f9-11e6-9b52-002564e8f65b}{3808876b-c176-4e48-b7ae-04046e6cc752} 2016-11-04 10:07:50.655 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 2016-11-04 10:07:50.655 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 2016-11-04 10:07:59.142 Could not open C:\Windows\System32\config\RegBack\DEFAULT 2016-11-04 10:07:59.142 Could not open C:\Windows\System32\config\RegBack\SAM 2016-11-04 10:07:59.157 Could not open C:\Windows\System32\config\RegBack\SECURITY 2016-11-04 10:07:59.157 Could not open C:\Windows\System32\config\RegBack\SOFTWARE 2016-11-04 10:07:59.157 Could not open C:\Windows\System32\config\RegBack\SYSTEM 2016-11-04 10:41:48.425 Could not open LOGICAL:0003:00000000 2016-11-04 10:41:48.440 Could not open D:\ 2016-11-04 10:41:48.440 Could not open LOGICAL:0004:00000000 2016-11-04 10:41:48.440 Could not open E:\ 2016-11-04 10:41:48.440 Could not open LOGICAL:0005:00000000 2016-11-04 10:41:48.456 Could not open F:\ 2016-11-04 10:41:48.456 Could not open LOGICAL:0006:00000000 2016-11-04 10:41:48.456 Could not open G:\ 2016-11-04 10:41:48.456 Could not open LOGICAL:0007:00000000 2016-11-04 10:41:48.471 Could not open H:\ 2016-11-04 10:41:48.549 Could not open PHYSICAL:0081:0000:0000:0001 2016-11-04 10:41:48.549 Could not open PHYSICAL:0082:0000:0000:0001 2016-11-04 10:41:48.549 Could not open PHYSICAL:0083:0000:0000:0001 2016-11-04 10:41:48.549 Could not open PHYSICAL:0084:0000:0000:0001 2016-11-04 10:41:48.565 The following items will be cleaned up: 2016-11-04 10:41:48.565 Mal/FakeAvCn-B
  8. Okay. When I run the cleaner, it just cleans up leftover files, right? It's not going to delete the checked programs?
  9. Well, the FRST icon is still on the desktop, and I tried to start it up, but it says it doesn't exist. I tried to delete it, but, again, it says it doesn't exist. Should I try downloading it again, or will that confuse things?
  10. Okay, that folder is gone, now, but the updated FRST is still there. Should I try to run FRST again?
  11. It's still doing the same thing. I'm seeing this new folder has cropped up, named FRST Older Version. If I got rid of it, do you think that might solve the problem? It looks like it just contains another FRST program.
  12. Something weird is going on with FRST. Anytime I try to do anything with it, it keeps flashing an update download message at me, but it just keeps doing it over and over, and doesn't stop long enough for me to do anything with it. Should I delete it, and re-download it?
  13. 0.o That's kinda strange, considering I'd only downloaded it today, but okay. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016 Ran by Tryjoniche (administrator) on ZHOLTZ (03-11-2016 05:19:11) Running from C:\Users\Tryjoniche\Desktop Loaded Profiles: Tryjoniche (Available Profiles: Tryjoniche) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Creative Technology Ltd.) C:\Windows\V0500Mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_101\bin\jusched.exe" HKLM-x32\...\Run: [V0500Mon.exe] => C:\Windows\V0500Mon.exe [32768 2007-11-02] (Creative Technology Ltd.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation) HKLM-x32\...\Run: [VizzedRgrPluginServiceLoader] => C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe [40448 2015-11-27] () Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-802337065-3261608455-526446052-1000\...\Run: [Facebook Update] => C:\Users\Tryjoniche\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.) HKU\S-1-5-21-802337065-3261608455-526446052-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-09] (Google Inc.) HKU\S-1-5-21-802337065-3261608455-526446052-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-802337065-3261608455-526446052-1000\...\MountPoints2: {56c4a255-3305-11e6-9ce0-002564e8f65b} - I:\LG_PC_Programs.exe HKU\S-1-5-21-802337065-3261608455-526446052-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk [2013-11-05] ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk.disabled [2010-09-19] ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk.disabled -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-20] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-20] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Tryjoniche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-02-11] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Tryjoniche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.disabled [2010-02-06] ShortcutTarget: Dell Dock.lnk.disabled -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 97.64.201.122 97.64.155.75 Tcpip\..\Interfaces\{2C6590FA-C0F1-4486-BB39-C641DA1E24B7}: [DhcpNameServer] 192.168.1.1 97.64.201.122 97.64.155.75 Internet Explorer: ================== HKU\S-1-5-21-802337065-3261608455-526446052-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1 HKU\S-1-5-21-802337065-3261608455-526446052-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1 SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {DA1AE18D-C5B7-4D8F-8F40-3083B6BAA47C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKLM-x32 -> {1B947B24-649B-4F60-8B1D-82100836EFCB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> {1B947B24-649B-4F60-8B1D-82100836EFCB} URL = SearchScopes: HKU\S-1-5-21-802337065-3261608455-526446052-1000 -> {1B947B24-649B-4F60-8B1D-82100836EFCB} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-14] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-05] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-14] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-05] (Google Inc.) Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.) Toolbar: HKU\S-1-5-21-802337065-3261608455-526446052-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-802337065-3261608455-526446052-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco Systems, Inc.) Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies) FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru => not found FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-14] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2016-08-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-14] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2015-11-27] (Vizzed.com) FF Plugin HKU\S-1-5-21-802337065-3261608455-526446052-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tryjoniche\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-802337065-3261608455-526446052-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Tryjoniche\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Tryjoniche\AppData\Local\Google\Chrome\User Data\Default [2016-11-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Tryjoniche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Chrome Media Router) - C:\Users\Tryjoniche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-11] (Adobe Systems) [File not signed] R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-16] (Macrovision Europe Ltd.) [File not signed] R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-28] (SurfRight B.V.) S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [278528 2009-11-27] () [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation) S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [18768 2016-08-14] () [File not signed] S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] S3 V0500Dev; C:\Windows\System32\DRIVERS\V0500Vid.sys [292064 2007-10-31] (Creative Technology Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-03 05:19 - 2016-11-03 05:19 - 00016177 _____ C:\Users\Tryjoniche\Desktop\FRST.txt 2016-11-03 05:08 - 2016-11-03 05:08 - 02408960 _____ (Farbar) C:\Users\Tryjoniche\Desktop\FRST64.exe 2016-11-03 02:44 - 2016-11-03 02:44 - 00001601 _____ C:\Users\Tryjoniche\Desktop\MWB Scan Log.txt 2016-11-03 01:33 - 2016-11-03 01:33 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Tryjoniche\Desktop\iExplore.exe 2016-11-03 01:27 - 2016-11-03 01:35 - 00002050 _____ C:\Users\Tryjoniche\Desktop\Rkill.txt 2016-10-11 22:23 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-10-11 22:23 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-10-11 22:23 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-10-11 22:23 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-10-11 22:23 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-10-11 22:23 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-10-11 22:23 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-10-11 22:23 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-10-11 22:23 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-10-11 22:23 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-10-11 22:23 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-10-11 22:23 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-10-11 22:23 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-10-11 22:23 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-10-11 22:23 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-10-11 22:23 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-10-11 22:23 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-10-11 22:23 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-10-11 22:23 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-10-11 22:23 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2016-10-11 22:23 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-10-11 22:23 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-10-11 22:23 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-10-11 22:23 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-10-11 22:23 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-10-11 22:23 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-10-11 22:23 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-10-11 22:23 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-10-11 22:23 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-10-11 22:23 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-10-11 22:23 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-10-11 22:23 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2016-10-11 22:23 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2016-10-11 22:23 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2016-10-11 22:23 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2016-10-11 22:23 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2016-10-11 22:23 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2016-10-11 22:23 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2016-10-11 22:23 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2016-10-11 22:23 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2016-10-11 22:23 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-10-11 22:23 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2016-10-11 22:23 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-10-11 22:23 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-10-11 22:23 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2016-10-11 22:23 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2016-10-11 22:23 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2016-10-11 22:23 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-10-11 22:23 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-10-11 22:23 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2016-10-11 22:23 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2016-10-11 22:22 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-10-11 22:22 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-10-11 22:22 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-10-11 22:22 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-10-11 22:22 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-10-11 22:22 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-10-11 22:22 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-10-11 22:22 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-10-11 22:22 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-10-11 22:22 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-10-11 22:22 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-10-11 22:22 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-10-11 22:22 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-10-11 22:22 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-10-11 22:22 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-10-11 22:22 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-10-11 22:22 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-10-11 22:22 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-10-11 22:22 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-10-11 22:22 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-10-11 22:22 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-10-11 22:22 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-10-11 22:22 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-10-11 22:22 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-10-11 22:22 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-10-11 22:22 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-10-11 22:22 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-10-11 22:22 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-10-11 22:22 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-10-11 22:22 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-10-11 22:22 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-10-11 22:22 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-10-11 22:22 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-10-11 22:22 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-10-11 22:22 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-10-11 22:22 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-10-11 22:22 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-10-11 22:22 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-10-11 22:22 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-10-11 22:22 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-10-11 22:22 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-10-11 22:22 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-10-11 22:22 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-10-11 22:22 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-10-11 22:22 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-10-11 22:22 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-10-11 22:22 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-10-11 22:22 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-10-11 22:22 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-10-11 22:22 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-10-11 22:22 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-10-11 22:22 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-10-11 22:22 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-10-11 22:22 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-10-11 22:22 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-10-11 22:22 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-10-11 22:22 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-10-11 22:22 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-10-11 22:22 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-10-11 22:22 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-10-11 22:22 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-10-11 22:22 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-10-11 22:22 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-10-11 22:22 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-10-11 22:22 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-10-11 22:22 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-10-11 22:22 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-10-11 22:22 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-10-11 22:22 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-10-11 22:22 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-10-11 22:22 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2016-10-11 22:22 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2016-10-11 22:22 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-10-11 22:22 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-10-11 22:22 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-10-11 22:22 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-10-11 22:22 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-10-11 22:22 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-10-11 22:22 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-10-11 22:22 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-10-11 22:22 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-10-11 22:22 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-10-11 22:22 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-10-11 22:22 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-10-11 22:22 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-10-11 22:22 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-10-11 22:22 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-10-11 22:22 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-10-11 22:22 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-10-11 22:22 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-10-11 22:22 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2016-10-11 22:22 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2016-10-11 22:22 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2016-10-11 22:22 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2016-10-11 22:22 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-10-11 22:22 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2016-10-11 22:22 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-10-11 22:22 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2016-10-11 22:22 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2016-10-11 22:22 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2016-10-11 22:22 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-10-11 22:22 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2016-10-11 22:22 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2016-10-11 22:22 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2016-10-11 22:22 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2016-10-11 22:22 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll 2016-10-11 22:22 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2016-10-11 22:22 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2016-10-11 22:22 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll 2016-10-11 22:22 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe 2016-10-11 22:22 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2016-10-11 22:22 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe 2016-10-11 22:22 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2016-10-11 22:22 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2016-10-11 22:22 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2016-10-11 22:22 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2016-10-11 22:22 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-10-11 22:22 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2016-10-11 22:22 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-10-11 22:22 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-10-11 22:22 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-10-11 22:22 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-10-11 22:22 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2016-10-11 22:22 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2016-10-11 22:21 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2016-10-11 22:21 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2016-10-11 22:21 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2016-10-11 22:21 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2016-10-11 22:21 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2016-10-11 22:21 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2016-10-11 22:21 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2016-10-11 22:20 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-10-11 22:20 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-10-11 22:20 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-10-11 22:20 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-10-11 22:20 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-10-11 22:20 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-10-11 22:20 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-10-11 22:20 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-10-11 22:20 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2016-10-11 22:20 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-11-03 05:19 - 2014-01-28 03:01 - 00000000 ____D C:\FRST 2016-11-03 04:56 - 2012-12-04 14:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-11-03 04:43 - 2010-11-09 23:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-11-03 03:36 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-11-03 03:36 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-11-03 03:33 - 2014-07-20 04:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-11-03 02:49 - 2010-01-20 15:41 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2016-11-03 02:39 - 2010-11-09 23:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-11-03 02:39 - 2010-02-06 21:44 - 00000000 ____D C:\Users\Tryjoniche\AppData\Local\SoftThinks 2016-11-03 02:38 - 2014-07-20 04:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-11-03 02:38 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\addins 2016-11-03 02:38 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-11-03 02:28 - 2011-10-02 19:18 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-802337065-3261608455-526446052-1000UA.job 2016-11-03 01:40 - 2014-07-20 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-11-03 01:40 - 2013-02-11 14:31 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-11-03 01:17 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2016-11-02 20:28 - 2011-10-02 19:18 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-802337065-3261608455-526446052-1000Core.job 2016-11-02 15:07 - 2010-11-09 23:09 - 00000000 ____D C:\Users\Tryjoniche\AppData\Local\Google 2016-11-02 02:42 - 2013-01-04 18:34 - 00000000 ____D C:\Users\Tryjoniche\AppData\Roaming\Skype 2016-11-02 02:38 - 2010-02-20 19:54 - 00000000 ____D C:\Users\Tryjoniche\Documents\Forgotten Comics Media 2016-10-27 20:48 - 2011-10-14 20:16 - 00000000 ____D C:\Users\Tryjoniche\AppData\Roaming\Audacity 2016-10-27 18:22 - 2010-09-19 11:26 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-10-26 16:56 - 2012-12-04 14:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-10-26 16:56 - 2012-08-30 17:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-10-26 16:56 - 2012-08-30 17:02 - 00000000 ____D C:\Windows\system32\Macromed 2016-10-26 16:56 - 2011-06-08 15:12 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-10-26 16:56 - 2010-01-20 15:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-10-25 04:45 - 2012-12-04 14:42 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-25 04:45 - 2012-12-04 14:42 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-10-12 14:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2016-10-12 07:41 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI 2016-10-12 07:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2016-10-12 07:38 - 2015-09-17 18:34 - 00438048 _____ C:\Windows\system32\FNTCACHE.DAT 2016-10-12 07:35 - 2013-03-13 02:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-10-12 07:35 - 2013-03-13 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-10-12 07:33 - 2014-12-10 03:21 - 00000000 ____D C:\Windows\system32\appraiser 2016-10-12 07:33 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-10-12 07:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-10-12 07:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism 2016-10-12 03:12 - 2013-08-08 02:03 - 00000000 ____D C:\Windows\system32\MRT 2016-10-12 03:05 - 2013-03-13 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-10-12 03:05 - 2010-09-19 11:51 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-10-08 15:40 - 2010-02-06 22:02 - 00038426 _____ C:\Users\Tryjoniche\AppData\Roaming\wklnhst.dat ==================== Files in the root of some directories ======= 2010-02-06 22:02 - 2016-10-08 15:40 - 0038426 _____ () C:\Users\Tryjoniche\AppData\Roaming\wklnhst.dat 2016-01-30 01:12 - 2016-01-30 01:12 - 0000000 _____ () C:\Users\Tryjoniche\AppData\Roaming\Microsoft\E582.tmp 2010-08-31 10:12 - 2013-09-15 18:44 - 0020992 _____ () C:\Users\Tryjoniche\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-05-21 23:03 - 2012-05-21 23:03 - 0017408 _____ () C:\Users\Tryjoniche\AppData\Local\WebpageIcons.db 2011-12-13 13:57 - 2011-12-13 13:57 - 0000000 _____ () C:\Users\Tryjoniche\AppData\Local\{F049AC4A-780D-4D2C-8F9B-26E2086FDB40} Some files in TEMP: ==================== C:\Users\Tryjoniche\AppData\Local\Temp\jre-8u101-windows-au.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-10-25 08:13 ==================== End of FRST.txt ============================ --------------- Farbar Recovery Scan Tool (x64) Version: 30-10-2016 Ran by Tryjoniche (03-11-2016 05:21:14) Running from C:\Users\Tryjoniche\Desktop Boot Mode: Normal ================== Search Files: "rpcss.dll" ============= C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.23342_none_c857da9c6db78539\rpcss.dll [2016-04-13 06:49][2016-01-30 12:08] 0512000 ____A (Microsoft Corporation) 701F356A52EAD0E7F675157B518C8650 [File is digitally signed] C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.19143_none_c7cf3c355499019f\rpcss.dll [2016-04-13 06:49][2016-02-02 11:57] 0511488 ____A (Microsoft Corporation) 622C96AFB07BB82C8650B47172137AC4 [File is digitally signed] C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll [2011-04-05 16:46][2010-11-20 06:27] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is digitally signed] C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll [2009-07-13 17:00][2009-07-13 18:41] 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is digitally signed] C:\Windows\System32\rpcss.dll [2016-04-13 06:49][2016-02-02 11:57] 0511488 ____A (Microsoft Corporation) 622C96AFB07BB82C8650B47172137AC4 [File is digitally signed] ====== End of Search ====== Addition.txt
  14. Oh, sorry, I just read that you wanted me to post the MWB log in the message box, instead of attaching it? --------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/3/2016 Scan Time: 2:10 AM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.11.03.07 Rootkit Database: v2016.10.31.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Tryjoniche Scan Type: Threat Scan Result: Completed Objects Scanned: 343876 Time Elapsed: 24 min, 58 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 2 PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0981FFD5-26A4-4E7D-AF5B-3F2F3A02F81D}, Delete-on-Reboot, [30b3506b049689ad032aba3a54af30d0], PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Scheduled Update for Ask Toolbar, Delete-on-Reboot, [8a59e8d321791c1a50a0dc0b788b36ca], Registry Values: 1 PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0981FFD5-26A4-4E7D-AF5B-3F2F3A02F81D}|Path, \Scheduled Update for Ask Toolbar, Delete-on-Reboot, [30b3506b049689ad032aba3a54af30d0] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  15. Just wanted to make sure. Okay, I ran all the scans. Here are the log files. Addition.txt FRST.txt MWB Scan Log.txt Rkill.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.