Manual Scans Hang


itsdot

My scans hang up at C:\WINDOWS/SYSWOW64/wbem/, first at wsdapi.mof and now at xsl-mappings.xml. Both with rootkits enabled. The scan will run without rootkits enabled. I have been working with bleepingcomputer tech on other issues and they recommended I come to you with this. I have done a MBAM Clean and reinstall after the first hangup and it hung up a second time. I ran CHKDSK as recommended in Malwarebytes Help forum, it found nothing. (Have tried the recommendations of running in safe mode (it will complete the scan) and then trying to run 'regular' (won't complete). Ran CHKDSK, which literally took hours; found no issues reported. Tried to run scan, still hangs up (always at C:\WINDOWS/SYSWOW64/wbem/, but always at a different file... first at wsdapi.mof then xsl-mappings.xml, then wscmisetup.mof, then wscenter.mof). Ran/running(?) defrag bat file. How do I know when it is done? It sat for several minutes then popped up and said 0% fragmented space but says this is a pre-defragmentation report.) While waiting for reply from forum staff/experts, decided to run scan again and it was already running on a scheduled run - that one completed. Ron told me to start a new topic here; while doing so, I decided to run another manual scan. Ughhh - it hangs at C:\WINDOWS\SYSWOW\Wbem\wscmisetup.mof. Couple of things: 1. Is it hanging only on manual scans and is this significant? 2. Reports show directories as C:\Windows\sysWOW64\ and scans show them as C:\WINDOWS\SYSWOW64 - any significance?

 

  • Root Admin

Hi there. Let me have you start out by running this scanner please.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

Let's go ahead and scan for and remove any type of infection related items and then look at the new FRST logs to see what we have left going on. Combofix only found some minor issues at this point.

 

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 


On the Malwarebytes scan, it ran for the first time, manually all the way through. Major concern though...it was scanning 944k items previously and on this scan (and the two previous, didn't notice) it scanned 430k...

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/23/2015
Scan Time: 3:02 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.23.08
Rootkit Database: v2015.11.23.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dot
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 430900
Time Elapsed: 21 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

...and last but not least, here is step 8 - Farbar Recovery Scan Tool report:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Dot (administrator) on DOT-PC (23-11-2015 22:08:29)
Running from C:\Users\Dot\Desktop
Loaded Profiles: Dot & QBDataServiceUser25 (Available Profiles: Dot & QBDataServiceUser22 & QBDataServiceUser25)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Monotype Inc.) C:\Program Files\Monotype\SkyFonts\SkyFonts.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Monotype Inc.) C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Monotype Inc.) C:\Program Files\Monotype\SkyFonts\SkyFonts.Monitor.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBDBMgrN.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [Monotype SkyFonts System Extension] => C:\Program Files\Monotype\SkyFonts\SkyFonts.exe [2403792 2015-10-27] (Monotype Inc.)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [Monotype SkyFonts Rack Up] => C:\Program Files\Monotype\SkyFonts\SFC.exe [24016 2015-10-27] (Monotype Imaging)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [GoogleChromeAutoLaunch_0BBCD82A44F2A3C2BB7EBD870E321555] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Monotype SkyFonts System Extension] => C:\Program Files\Monotype\SkyFonts\SkyFonts.exe [2403792 2015-10-27] (Monotype Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-29]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-29]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DF35EC01-C6E8-4697-8369-41264D2ABBD6}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-02] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-02] (Oracle Corporation)
DPF: HKLM-x32 {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} hxxp://aceonline.asicentral.com/ace/ltocx13n.cab
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll [2015-10-15] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchqu.com/406
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll ()
CHR Profile: C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2015-10-16]
CHR Extension: (Google Search) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Love Smoke) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2015-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Read Your AOL Mail) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp [2015-10-16]
CHR Extension: (Gmail) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-10-15] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
R3 QuickBooksDB25; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBDBMgrN.exe [827392 2015-03-17] (Intuit, Inc.) [File not signed]
R2 SkyFontsService; C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe [44496 2015-10-27] (Monotype Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows ® Codename Longhorn DDK provider)
R3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
R3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
R3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
S3 VUSBSTOR; C:\Windows\System32\Drivers\vusbstor.sys [86064 2013-01-17] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-23 22:03 - 2015-11-23 22:03 - 00001118 _____ C:\Users\Dot\Desktop\ESETScanResult.txt
2015-11-23 15:41 - 2015-11-23 15:41 - 02870984 _____ (ESET) C:\Users\Dot\Downloads\esetsmartinstaller_enu.exe
2015-11-23 15:41 - 2015-11-23 15:41 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-23 14:48 - 2015-11-23 14:48 - 01733632 _____ C:\Users\Dot\Desktop\AdwCleaner.exe
2015-11-23 14:43 - 2015-11-23 14:43 - 00000772 _____ C:\Users\Dot\Desktop\JRT.txt
2015-11-23 14:39 - 2015-11-23 14:39 - 01599080 _____ (Malwarebytes) C:\Users\Dot\Desktop\JRT.exe
2015-11-22 00:27 - 2015-11-22 00:27 - 00028531 _____ C:\ComboFix.txt
2015-11-21 23:06 - 2015-11-22 00:27 - 00000000 ____D C:\Qoobox
2015-11-21 23:06 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-21 23:06 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-21 23:06 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-21 23:06 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-21 23:06 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-21 23:06 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-21 23:06 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-21 23:06 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-21 23:05 - 2015-11-22 00:25 - 00000000 ____D C:\Windows\erdnt
2015-11-21 22:52 - 2015-11-21 22:53 - 05639131 ____R (Swearware) C:\Users\Dot\Desktop\ComboFix.exe
2015-11-21 09:32 - 2015-11-21 09:32 - 00192045 _____ C:\Users\Dot\Downloads\dorria-designs-357.zip
2015-11-20 10:50 - 2015-11-20 10:50 - 01182143 _____ C:\Users\Dot\Downloads\CHRISTMAS-COCKTAILS.zip
2015-11-18 09:33 - 2015-11-18 09:33 - 00041917 _____ C:\Users\Dot\Desktop\CheckResults.txt
2015-11-18 09:33 - 2015-11-18 09:33 - 00001247 _____ C:\Users\Dot\Desktop\mbam-check-2.1.1.1001 - Shortcut.lnk
2015-11-18 09:32 - 2015-11-18 09:32 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Dot\Downloads\mbam-check-2.1.1.1001.exe
2015-11-18 09:01 - 2015-11-23 22:08 - 00000000 ____D C:\Users\Dot\Desktop\FRST-OlderVersion
2015-11-17 23:22 - 2015-11-17 23:22 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-17 17:38 - 2015-11-17 23:02 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForDot.job
2015-11-17 17:38 - 2015-11-17 21:37 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDot
2015-11-16 09:31 - 2015-11-16 09:31 - 00000000 ____D C:\Users\Dot\AppData\Roaming\Hewlett-Packard
2015-11-16 09:28 - 2015-11-16 09:28 - 00002227 _____ C:\Users\Dot\Desktop\HP Support Assistant.lnk
2015-11-16 09:28 - 2015-11-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-16 09:27 - 2015-11-16 10:18 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-16 09:27 - 2015-11-16 09:27 - 00000000 ____D C:\System.sav
2015-11-16 09:25 - 2015-11-16 09:25 - 00000000 ____D C:\Users\Dot\AppData\Roaming\hpqLog
2015-11-16 09:23 - 2015-11-16 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-11-16 09:18 - 2015-11-16 09:18 - 00003118 _____ C:\Windows\System32\Tasks\{6247BA63-0D11-4187-AB0D-98B3B4D700A5}
2015-11-16 09:16 - 2015-11-16 09:17 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\Dot\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-11-16 08:01 - 2015-11-23 17:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 08:01 - 2015-11-16 08:01 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 08:01 - 2015-11-16 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 08:00 - 2015-11-16 08:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 08:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-16 08:00 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-16 08:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-16 07:59 - 2015-11-16 08:00 - 00001554 _____ C:\Users\Dot\Desktop\mbam-setup-2.2.0.1024 - Shortcut.lnk
2015-11-16 07:58 - 2015-11-16 07:58 - 22908888 _____ (Malwarebytes ) C:\Users\Dot\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-15 19:50 - 2015-11-15 19:50 - 22908888 _____ (Malwarebytes ) C:\Users\Dot\Desktop\mbam-setup-2.2.0.1024 (3).exe
2015-11-15 09:11 - 2015-11-15 09:11 - 00001353 _____ C:\Users\Dot\Desktop\fixlist.txt
2015-11-14 23:24 - 2015-11-23 14:52 - 00000000 ____D C:\AdwCleaner
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2015-04-28 17:41 - 2015-05-26 08:34 - 0000132 _____ () C:\Users\Dot\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-07-27 15:03 - 2015-07-29 14:50 - 0031669 _____ () C:\Users\Dot\AppData\Roaming\FileDrTool.log
2015-07-27 12:53 - 2015-11-03 10:33 - 0038901 _____ () C:\Users\Dot\AppData\Roaming\QBFileDrTool.log
2015-05-13 15:55 - 2015-06-27 11:55 - 0001456 _____ () C:\Users\Dot\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-03-17 15:47 - 2015-03-17 15:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Dot\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-21 12:02
 
==================== End of FRST.txt ============================

Addition_23-11-2015_22-09-30.txt


  • Root Admin

Please run MSCONFIG and set it back to NORMAL and restart the computer.

 

Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup Manager
 

 

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 
 

 

Next,

 

Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.

On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit.

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7


How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 

Then copy/paste back the results of the Disk Check on your next reply.

 

Basically from an elevated Admin command prompt you can type the following.

 

CHKDSK   C:  /R

 

Then press the Y key to say yes to allow it to run after a restart. The disk check should take at least 10 minutes to run but could take hours to run depending on hardware speeds.

 

 

Next,

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

Thanks

 

fixlist.txt

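Added example, not part of the posts in this thread: the reply above says the Windows 7 disk check log is in the Application event log under the source Wininit. One way to pull the most recent report into a text file for posting, from an elevated PowerShell window after the restart. Event ID 1001 and the Desktop output location are assumptions here; neither is stated in the thread.

```powershell
# Added example (not from the thread). Run after the boot-time CHKDSK has
# finished and Windows has restarted.
# Assumptions: the report is Application-log event ID 1001 from the Wininit
# source, and the output is written to CHKDSKResults.txt on the Desktop.

$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'CHKDSKResults.txt'

# Other providers also log ID 1001 in the Application log, so filter on the
# provider name after the query. SilentlyContinue hides the "no events found"
# error when nothing matches.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Wininit' } |
    Sort-Object TimeCreated -Descending

if (-not $events) {
    Write-Warning 'No Wininit disk check record found. The scheduled check may not have run yet.'
}
else {
    $latest = $events | Select-Object -First 1

    # Save the full report text so it can be pasted into a reply.
    "Disk check recorded: $($latest.TimeCreated)", '', $latest.Message |
        Set-Content -Path $outFile -Encoding UTF8

    # Print only the summary lines a helper looks at first. The patterns are
    # typical CHKDSK summary phrases; the saved file has the complete text.
    $latest.Message -split "`r?`n" |
        Where-Object { $_ -match 'bad sectors|found no problems|made corrections' } |
        ForEach-Object { $_.Trim() }

    Write-Host "Full report saved to $outFile"
}
```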

  • Root Admin

Yes, it happens with MSCONFIG from time to time as there are sometimes elements that it cannot revert back to Normal easily on its own and yet another reason I recommend not using it in that manner.

Can you please post the CHKDSK Disk Check log?

Then run the following

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
Thanks

What should I do about the MSCONFIG-NORMAL/STARTUP? Sorry that I missed the instruction about posting the CHKDSK log. It is attached. Security Check log post follows. I am not sure why, but your posts to me are not coming through until hours after you post them. I checked back multiple times yesterday and last night. This is not the first occurrence...

CHKDSKResults.txt


  • Root Admin

Not sure what's up with timing as they post immediately once I post. I'm not seeing the Security Check log yet, can you post that please? For the MSCONFIG please run it again, set it to NORMAL and immediately reboot. See if that gets it to go back to Normal or not.

 

The Disk Check log looks good. At this time I'm assuming that the MBAM scan is no longer freezing, is that correct?


 Results of screen317's Security Check version 1.009  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 19.0.0.245  

 Google Chrome (46.0.2490.80) 

 Google Chrome (46.0.2490.86) 

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

 

Going back to if MSCONFIG will stay or revert back to STARTUP. Don't know about MBAM scan, will have to run to see.


  • Root Admin

Yes, that's what MSCONFIG should look like. Please go ahead and do a System Scan with MBAM and post back the results.

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

 


Scan ran with no issues. One odd thing to note: it was previously running from the taskbar and set up to run automatically. It had 'disappeared' from there and was no longer set up to run every 23 hours. Would one of the other programs you had me run have done that?

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/28/2015
Scan Time: 6:46 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.28.02
Rootkit Database: v2015.11.26.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dot
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424364
Time Elapsed: 15 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • Root Admin

No, it should have had no effect but let me have you do a clean removal and reinstall. Then set up your schedules to run when you want for both updates and scans.

Please uninstall your current version of MBAM and reinstall the latest version using this method. MBAM Clean Removal Process 2x

Let me know how that goes.

Thanks


Done; the clean removal actually left two earlier versions of the install/setup on my desktop. I moved them to the recycle bin and ran the clean removal again then reinstalled.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/28/2015
Scan Time: 10:57 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.28.07
Rootkit Database: v2015.11.26.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dot
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 444925
Time Elapsed: 25 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • Root Admin

Yes, the cleanup tool is not designed to seek out and remove installer files as there is no way to know where a user may have put them. It's only designed to remove the actual files of an installation.

At this point unless there is some other issue you should be all set now.

At this time there are no more signs of an infection on your system and the MBAM program does not appear to be hanging anymore.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.

They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

This topic is now closed to further replies.