Author Topic: Rogue: JS/TechBroloba.B  (Read 9026 times)


Offline pastywhitegurl

  • Hero Member
  • *****
  • Posts: 1028
  • advanced techno feeb
Rogue: JS/TechBroloba.B
« on: November 14, 2016, 02:51:06 PM »
I picked up some malware on the evetrici.com site today.  WOT did not have it flagged as a dangerous site.  Rogue: JS/TechBroloba.B   is listed by MS as scareware, but a high level threat.  That seems a bit contradictory.  Is there something they are not telling me?

Windows Defender recognized and quarantined this file.  I then deleted it from quarantine as directed in the notes, but it's still listed in my WD history.

I ran a MalwareBytes full scan that found nothing and a Windows Defender full scan is running right now.

Once the scan is complete, I would like to make sure everything is ok, so I want to post my logs for review.  However, I'm not sure whether I should restart my computer or not first.  I didn't actually take any fix actions, as Defender just notified me that it was taking care of the threat, so I'm not sure what to do there.

Please advise how I should proceed?  I have a feeling this WD scan is going to take forever. It's been a half hour and it's only at about 5%.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19231
  • "Stronger than the past, united in our goal."
Re: Rogue: JS/TechBroloba.B
« Reply #1 on: November 14, 2016, 03:14:54 PM »
Not all Internet sites have been reviewed by WOT, although that one now has your feedback. 

As described by Wikipedia:  "Scareware is a form of malicious software that uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software."  So whatever file you ran into was scareware, but it is listed as "severe" because it is widespread rather than found on a relatively small number of devices.

Yes, it would be best to restart your computer first.  Also, since I don't see it in your "specs", I suggest you consider adding Malwarebytes Anti-Exploit (free) to your arsenal.  You can download it from here:  https://www.malwarebytes.com/products/ (Uncheck any option for the Pro version).

(I have some yard work to do so may not be around until later but restart even if you give up on the Defender scan.)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline pastywhitegurl

  • Hero Member
  • *****
  • Posts: 1028
  • advanced techno feeb
Re: Rogue: JS/TechBroloba.B
« Reply #2 on: November 14, 2016, 03:30:59 PM »
Thanks so much for helping me with this, Corrine. This sort of stuff really is upsetting, and it's so wonderful to know I can come here for help.

I didn't realize that MalwareBytes Anti-Exploit was free. I've downloaded the installer from your link. Should I install that before I restart the computer?  It seems to be a separate program from my MB Pro version.  I thought it was something I would have to buy and add to that.

Defender scan hasn't progressed much.  Would you recommend aborting it to continue on with the diagnostics?

Also, forgot to note that the malicious file was found in my Firefox profile.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19231
  • "Stronger than the past, united in our goal."
Re: Rogue: JS/TechBroloba.B
« Reply #3 on: November 14, 2016, 09:01:50 PM »
Told 'ya that I wouldn't be around for a while because of having to do yard work.  :)  Anyway, I gather that by now the Windows Defender scan either completed or you're about to cancel it.

As to Firefox, I suggest you clear cookies for the evetrici.com site. Just open Options, select Privacy and type the site name in the search box.  Delete each cookie for that site until they are all gone.  Also make sure you have Firefox set to clear cache before you close it. 



Offline pastywhitegurl

  • Hero Member
  • *****
  • Posts: 1028
  • advanced techno feeb
Re: Rogue: JS/TechBroloba.B
« Reply #4 on: November 15, 2016, 12:21:39 AM »
Hope all the yardwork went well.  Since you were off, I let the Defender scan run. It took 5 hours to complete. Phew!  But the scan also found nothing.

I cleared all Firefox cookies for the site, cleared the cache, set Firefox to clear cache on closing, and then closed the browser. I made a restore point, then installed MB Anti-Exploit free version.  I restarted.

When I opened Firefox, I got a Windows notice that MB Anti-Exploit was protecting Firefox, and a notice that Windows Defender found some malware and is removing it.  I checked the Defender history, and only the instance from this morning was there, so I'm assuming the notice is from that and I can delete it from the notification panel?

Then I downloaded the scan programs and ran them.  It always makes me apprehensive to turn off all the security programs, but I did turn off the two MalwareBytes ones, WinPatrol, and Defender.  Here are the logs.  Hopefully I did them right.  I wasn't asked to give administrator permissions, so I'm wondering if I messed up.

Result of Security Analysis by Rocket Grannie (x86) Updated: 13th November, 2016
Running from:C:\Users\Helena\Desktop (19:57:18 - 11/14/2016)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled!
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender's ProductState is indeterminate
Windows Defender's ProductState is indeterminate
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player Plugin (version 23.0.0.207)
Firefox (version 49)
Google Chrome (version 54)
Malwarebytes Anti-Exploit (version 1.8.1.2572)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Opera (version 40)
Pale Moon (version 26)
SpywareBlaster (version 5.5)
WinPatrol (version 33.6)


***----------------Analysis Complete-------------------------***



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Helena (administrator) on HELENA-PC (14-11-2016 19:45:35)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena (Available Profiles: Helena & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
( ) C:\Windows\System32\lxbvcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Xerox Corporation.) C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\xdcla.exe
(Xerox Corporation.) C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\omnipage.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\PdfPro7Hook.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-15] (Microsoft Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
HKLM-x32\...\Run: [LWS] => C:\PROGRAM FILES (X86)\Logitech\LWS\WEBCAM SOFTWARE\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\IndexSearch.exe [51616 2013-02-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\pptd40nt.exe [39328 2013-02-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => "C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ISUSPM] => "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage.exe [1460736 2013-03-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\pdfpro7hook.exe [641424 2012-11-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2651088 2016-10-28] (Malwarebytes Corporation)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [cdloader] => C:\Users\Helena\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageRetriever.lnk [2016-04-06]
ShortcutTarget: ImageRetriever.lnk -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\xdcla.exe (Nuance Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-06]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee10231-d6e0-42e1-a19b-a0f5a78c86cc}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default [2016-11-14]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\n27s1rnq.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\n27s1rnq.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\n27s1rnq.default -> hxxp://zionfirefriends.com/search/?c=5
FF Extension: (Disconnect) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\2.0@disconnect.me.xpi [2016-05-06]
FF Extension: (My Notepad) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\@MyNotepad.xpi [2016-01-19]
FF Extension: (Add to Search Bar) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-05-11]
FF Extension: (Bookmark Favicon Changer) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2016-01-30]
FF Extension: (Classic Theme Restorer) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-10-23]
FF Extension: (Clipple) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\clipple@mooz.github.com.xpi [2016-01-30]
FF Extension: (Copy Link Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\copylinktext@brett(2).zamir [2014-05-11] [not signed]
FF Extension: (Copy Link URL) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\copylinkurl@bluelightdev.com.xpi [2016-05-06]
FF Extension: (eSnipe.com SnipeIt!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\esnipesnipeit@esnipe.com.xpi [2015-08-06]
FF Extension: (FavIconReloader) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\FavIconReloader@mozilla.org [2015-05-29]
FF Extension: (Firebug) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-23]
FF Extension: (Firepicker) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firepicker@thedarkone.xpi [2016-05-06]
FF Extension: (Greasefire) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\greasefire@skrul.com.xpi [2016-05-06]
FF Extension: (Google™ Weather) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid0-lQyK6JstbAGdiq1fp28Cl@jetpack.xpi [2016-08-05]
FF Extension: (One Click Proxy) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-08-28]
FF Extension: (Media Converter and Muxer) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2016-10-23]
FF Extension: (Yahoo™ Notifier Pro) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-sqmIFwWga4FYBa@jetpack.xpi [2016-07-28]
FF Extension: (Pinterest Guest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-SWdspnBEetWxoA@jetpack.xpi [2016-07-28]
FF Extension: (Forecast Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-w3xH9kJhd3KJUp@jetpack.xpi [2016-10-23]
FF Extension: (Lazarus: Form Recovery) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\lazarus@interclue.com.xpi [2016-05-06]
FF Extension: (list.it) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\listit@csail.mit.edu.xpi [2016-05-06]
FF Extension: (SmartVideo For YouTube) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\mytube@ashishmishra.in.xpi [2016-05-06]
FF Extension: (Old Default Image Style) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\olddefaultimagestyle@dagger2-addons.mozilla.org.xpi [2016-05-06]
FF Extension: (Open With) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\openwith@darktrojan(2).net [2014-05-11] [not signed]
FF Extension: (Priv3+) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\priv3plus@icsi.berkeley.edu.xpi [2016-02-13]
FF Extension: (Rainbow) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\rainbow@colors.org.xpi [2016-05-06]
FF Extension: (BBCopy) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\rirri.com@gmail.com.xpi [2016-05-06]
FF Extension: (Star-Button In Urlbar) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\Starbuttoninurlbar@ArisT2Noia4dev.xpi [2016-07-02]
FF Extension: (TabAlarm) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\tab@tim.er.xpi [2016-06-07]
FF Extension: (Vacuum Places Improved) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi [2016-05-06]
FF Extension: (YesScript) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\yesscript@userstyles.org.xpi [2016-08-05]
FF Extension: (YouTube to MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\youtube2mp3@mondayx(2).de [2014-05-11] [not signed]
FF Extension: (Screengrab (fix version)) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-09-24]
FF Extension: (Delete Bookmark Icons) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{04514a2c-a3ab-4f47-8688-55f911b0fe75}.xpi [2016-02-13]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2014-05-11] [not signed]
FF Extension: (Image Zoom) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2016-05-06]
FF Extension: (Paste Quote) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{1C7CCF7A-ECB8-4CE5-B5D1-A4FA477A7242}.xpi [2016-05-06]
FF Extension: (LittleFox) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2) [2014-05-11] [not signed]
FF Extension: (Back to Top) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi [2016-05-06]
FF Extension: (Stylish) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-23]
FF Extension: (FEBE) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-04-09]
FF Extension: (Empty Cache Button) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2016-05-06]
FF Extension: (Animat) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{51fc7e08-5a74-458b-8b2e-bc32da06f0a1}.xpi [2016-05-06]
FF Extension: (Text Link) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2016-03-20]
FF Extension: (InFormEnter) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2016-05-06]
FF Extension: (ChatZilla) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-08-11]
FF Extension: (ColorZilla) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-06]
FF Extension: (NoScript) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-23]
FF Extension: (MeasureIt) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2016-03-20]
FF Extension: (Forum Tags PLUS) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7c402354-dd42-4ef3-8d2d-8aa1645b65a7}.xpi [2016-05-06]
FF Extension: (Pearl Crescent Page Saver Pro) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7e5323bb-4c75-4c7e-8383-612a65a6d61e}.xpi [2014-07-06] [not signed]
FF Extension: (WOT) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-16]
FF Extension: (Youtube Converter MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2016-01-22]
FF Extension: (ReminderFox) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2016-07-28]
FF Extension: (BBCodeXtra) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2015-12-16]
FF Extension: (QuickJS) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{bb65e674-b194-4b6e-8033-5fa0afe3a198}.xpi [2016-05-06]
FF Extension: (QuickNote) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2016-05-06]
FF Extension: (Show my Password) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2016-05-06]
FF Extension: (Image Preview) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{D0A81AC1-3B12-4cec-AA8D-40EBDC4241EA}.xpi [2016-05-06]
FF Extension: (Adblock Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-05-11] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-06]
FF Extension: (Tiny Menu) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}.xpi [2016-05-06]
FF Extension: (Greasemonkey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-23]
FF Extension: (IE View Lite) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}(2) [2014-05-11] [not signed]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\cnet.xml [2009-11-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\mozilla-add-ons.xml [2008-09-06]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\technorati.xml [2008-09-11]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\webster.xml [2008-09-18]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\wordpresscom.xml [2016-03-16]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\youtube-video-search.xml [2015-02-26]
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default [2016-07-31]
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> Google
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> Google
FF Homepage: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> hxxp://zionfirefriends.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [No File]
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2014-05-07] (Simon Bünzli)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://if.invisionfree.com/search/?c=5","hxxp://www.drudgereport.com/","hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=e2tudim4rqkvc","hxxp://www.landzdown.com/index.php","hxxp://www.accuweather.com/en/us/kansas-city-mo/64106/hourly-weather-forecast/329441","hxxp://if.invisionfree.com/pages/ircchat/","hxxp://www.official-drivers.com/installer/?seed=lexmark&gclid=COTq45Duor4CFQcSMwodZQEANA","hxxp://hcgdietinfo.com/hcgdietforums/search.php?searchid=4234517"
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2016-11-07]
CHR Extension: (Google Docs) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-05-11] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 lxbv_device; C:\WINDOWS\system32\lxbvcoms.exe [566704 2007-04-25] ( )
R2 lxbv_device; C:\WINDOWS\SysWOW64\lxbvcoms.exe [537520 2007-04-25] ( )
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-10-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe [220488 2013-02-26] (Nuance Communications, Inc.)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77416 2016-10-28] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 19:45 - 2016-11-14 19:46 - 00025703 _____ C:\Users\Helena\Desktop\FRST.txt
2016-11-14 19:45 - 2016-11-14 19:45 - 00000000 ____D C:\FRST
2016-11-14 19:37 - 2016-11-14 19:44 - 02411520 _____ (Farbar) C:\Users\Helena\Desktop\FRST64.exe
2016-11-14 19:27 - 2016-11-14 19:27 - 00000000 ____D C:\Users\Helena\AppData\LocalLow\Temp
2016-11-14 19:24 - 2016-11-14 19:33 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-14 19:24 - 2016-11-14 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-14 19:24 - 2016-11-14 19:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-14 11:27 - 2016-11-14 19:20 - 01885968 _____ (Malwarebytes ) C:\Users\Helena\Desktop\mbae-setup-1.09.1.1235.exe
2016-11-09 17:57 - 2016-11-09 17:57 - 00000273 _____ C:\Users\Helena\Documents\repwatch.xsw
2016-11-08 14:58 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-08 14:58 - 2016-11-02 06:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-08 14:58 - 2016-11-02 05:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-08 14:58 - 2016-11-02 05:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-08 14:58 - 2016-11-02 05:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-08 14:58 - 2016-11-02 05:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-08 14:58 - 2016-11-02 05:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-08 14:58 - 2016-11-02 05:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-08 14:58 - 2016-11-02 05:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-08 14:58 - 2016-11-02 05:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-08 14:58 - 2016-11-02 05:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-08 14:58 - 2016-11-02 05:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-08 14:58 - 2016-11-02 05:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-08 14:58 - 2016-11-02 05:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-08 14:58 - 2016-11-02 05:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-08 14:58 - 2016-11-02 05:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-08 14:58 - 2016-11-02 05:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-08 14:58 - 2016-11-02 05:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-08 14:58 - 2016-11-02 05:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-08 14:58 - 2016-11-02 05:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-08 14:58 - 2016-11-02 05:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-08 14:58 - 2016-11-02 04:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-08 14:58 - 2016-11-02 04:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-08 14:58 - 2016-11-02 04:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-08 14:58 - 2016-11-02 04:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-08 14:58 - 2016-11-02 04:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-08 14:58 - 2016-11-02 04:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-08 14:58 - 2016-11-02 04:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-08 14:58 - 2016-11-02 04:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-08 14:58 - 2016-11-02 04:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-08 14:58 - 2016-11-02 04:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-08 14:58 - 2016-11-02 04:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-08 14:58 - 2016-11-02 04:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-08 14:58 - 2016-11-02 04:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-08 14:58 - 2016-11-02 04:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-08 14:58 - 2016-11-02 04:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-08 14:58 - 2016-11-02 04:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-08 14:58 - 2016-11-02 04:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-08 14:58 - 2016-11-02 04:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-08 14:58 - 2016-11-02 04:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-08 14:58 - 2016-11-02 04:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-08 14:58 - 2016-11-02 04:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-08 14:58 - 2016-11-02 04:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-08 14:58 - 2016-11-02 04:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-08 14:58 - 2016-11-02 04:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-08 14:58 - 2016-11-02 04:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 14:58 - 2016-11-02 04:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-08 14:58 - 2016-11-02 04:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-08 14:58 - 2016-11-02 04:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-08 14:58 - 2016-11-02 04:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-08 14:58 - 2016-11-02 04:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 14:58 - 2016-11-02 04:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-08 14:58 - 2016-11-02 04:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-08 14:58 - 2016-11-02 04:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-08 14:58 - 2016-11-02 04:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-08 14:58 - 2016-11-02 04:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-08 14:58 - 2016-11-02 04:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-08 14:58 - 2016-11-02 04:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-08 14:58 - 2016-11-02 04:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-08 14:58 - 2016-11-02 04:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-08 14:58 - 2016-11-02 04:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-08 14:58 - 2016-11-02 04:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-08 14:58 - 2016-11-02 04:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-08 14:58 - 2016-11-02 04:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-08 14:58 - 2016-11-02 04:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-08 14:58 - 2016-11-02 04:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-08 14:58 - 2016-11-02 04:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-08 14:58 - 2016-11-02 04:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-08 14:58 - 2016-11-02 04:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-08 14:58 - 2016-11-02 04:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 14:58 - 2016-11-02 04:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-08 14:58 - 2016-11-02 04:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-08 14:58 - 2016-11-02 04:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-08 14:58 - 2016-11-02 04:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-08 14:58 - 2016-11-02 04:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-08 14:58 - 2016-11-02 04:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 14:58 - 2016-11-02 02:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-08 14:57 - 2016-11-02 05:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-08 14:57 - 2016-11-02 05:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-08 14:57 - 2016-11-02 05:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-08 14:57 - 2016-11-02 05:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-08 14:57 - 2016-11-02 05:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-08 14:57 - 2016-11-02 05:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-08 14:57 - 2016-11-02 05:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-08 14:57 - 2016-11-02 05:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-08 14:57 - 2016-11-02 05:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-08 14:57 - 2016-11-02 05:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-08 14:57 - 2016-11-02 05:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-08 14:57 - 2016-11-02 04:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-08 14:57 - 2016-11-02 04:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-08 14:57 - 2016-11-02 04:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-08 14:57 - 2016-11-02 04:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-08 14:57 - 2016-11-02 04:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-08 14:57 - 2016-11-02 04:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-08 14:57 - 2016-11-02 04:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-08 14:57 - 2016-11-02 04:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-08 14:57 - 2016-11-02 04:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-08 14:57 - 2016-11-02 04:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-08 14:57 - 2016-11-02 04:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-08 14:57 - 2016-11-02 04:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-08 14:57 - 2016-11-02 04:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-08 14:57 - 2016-11-02 04:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-08 14:57 - 2016-11-02 04:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-08 14:57 - 2016-11-02 04:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-08 14:57 - 2016-11-02 04:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-08 14:57 - 2016-11-02 04:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-08 14:57 - 2016-11-02 04:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-08 14:57 - 2016-11-02 04:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-08 14:57 - 2016-11-02 04:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-08 14:57 - 2016-11-02 04:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-08 14:57 - 2016-11-02 04:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-08 14:57 - 2016-11-02 04:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-08 14:57 - 2016-11-02 04:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 14:57 - 2016-11-02 04:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-08 14:57 - 2016-11-02 04:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-08 14:57 - 2016-11-02 04:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-08 14:57 - 2016-11-02 04:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-08 14:57 - 2016-11-02 04:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-08 14:57 - 2016-11-02 04:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-08 14:57 - 2016-11-02 04:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-08 14:57 - 2016-11-02 04:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-08 14:57 - 2016-11-02 04:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-08 14:57 - 2016-11-02 04:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 14:57 - 2016-11-02 04:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 14:57 - 2016-11-02 04:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 14:57 - 2016-11-02 04:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-08 14:57 - 2016-11-02 04:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-08 14:57 - 2016-11-02 04:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-08 14:57 - 2016-11-02 04:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-08 14:57 - 2016-11-02 04:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-08 14:57 - 2016-11-02 04:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 14:57 - 2016-11-02 04:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-08 14:57 - 2016-11-02 04:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-08 14:57 - 2016-11-02 04:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-08 14:57 - 2016-11-02 04:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 14:57 - 2016-11-02 04:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-08 14:57 - 2016-11-02 04:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-08 14:57 - 2016-11-02 04:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 14:57 - 2016-11-02 04:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-08 14:57 - 2016-11-02 04:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-08 14:57 - 2016-11-02 04:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-08 14:57 - 2016-11-02 04:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-08 14:57 - 2016-11-02 04:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 14:57 - 2016-11-02 04:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-08 14:57 - 2016-11-02 04:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-08 14:57 - 2016-11-02 04:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-08 14:57 - 2016-11-02 04:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 14:57 - 2016-11-02 04:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-08 14:57 - 2016-11-02 04:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-08 14:57 - 2016-11-02 04:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-08 14:57 - 2016-11-02 04:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 14:57 - 2016-11-02 04:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-08 14:57 - 2016-11-02 04:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-08 14:57 - 2016-11-02 04:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-08 14:57 - 2016-11-02 04:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-08 14:57 - 2016-11-02 04:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-08 14:57 - 2016-11-02 04:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-08 14:57 - 2016-11-02 04:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-08 14:57 - 2016-11-02 04:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-08 14:57 - 2016-11-02 04:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-08 14:57 - 2016-11-02 04:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 14:57 - 2016-11-02 04:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 14:57 - 2016-11-02 04:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-08 14:57 - 2016-11-02 04:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-08 14:57 - 2016-11-02 04:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 14:57 - 2016-11-02 04:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-08 14:57 - 2016-11-02 04:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 14:57 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-08 14:56 - 2016-11-02 05:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-08 14:56 - 2016-11-02 05:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-08 14:56 - 2016-11-02 05:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-08 14:56 - 2016-11-02 05:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 14:56 - 2016-11-02 05:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-08 14:56 - 2016-11-02 05:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-08 14:56 - 2016-11-02 05:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-08 14:56 - 2016-11-02 05:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-08 14:56 - 2016-11-02 05:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-08 14:56 - 2016-11-02 05:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-08 14:56 - 2016-11-02 05:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-08 14:56 - 2016-11-02 05:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-08 14:56 - 2016-11-02 05:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-08 14:56 - 2016-11-02 05:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-08 14:56 - 2016-11-02 05:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-08 14:56 - 2016-11-02 05:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-08 14:56 - 2016-11-02 05:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-08 14:56 - 2016-11-02 05:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-08 14:56 - 2016-11-02 04:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-08 14:56 - 2016-11-02 04:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-08 14:56 - 2016-11-02 04:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-08 14:56 - 2016-11-02 04:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 14:56 - 2016-11-02 04:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-08 14:56 - 2016-11-02 04:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-08 14:56 - 2016-11-02 04:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-08 14:56 - 2016-11-02 04:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-08 14:56 - 2016-11-02 04:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-08 14:56 - 2016-11-02 04:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-08 14:56 - 2016-11-02 04:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-08 14:56 - 2016-11-02 04:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-08 14:56 - 2016-11-02 04:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-08 14:56 - 2016-11-02 04:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-08 14:56 - 2016-11-02 04:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 14:56 - 2016-11-02 04:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-08 14:56 - 2016-11-02 04:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-08 14:56 - 2016-11-02 04:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-08 14:56 - 2016-11-02 04:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-08 14:56 - 2016-11-02 04:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 14:56 - 2016-11-02 04:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-08 14:56 - 2016-11-02 04:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-08 14:56 - 2016-11-02 04:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-08 14:56 - 2016-11-02 04:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-08 14:56 - 2016-11-02 04:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-08 14:56 - 2016-11-02 04:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 14:56 - 2016-11-02 04:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-08 14:56 - 2016-11-02 04:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-08 14:56 - 2016-11-02 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-08 14:56 - 2016-11-02 04:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-08 14:56 - 2016-11-02 04:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-08 14:56 - 2016-11-02 04:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-08 14:56 - 2016-11-02 04:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 14:56 - 2016-11-02 04:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-08 14:56 - 2016-11-02 04:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 14:56 - 2016-11-02 04:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-08 14:56 - 2016-11-02 04:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-08 14:56 - 2016-11-02 04:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-08 14:56 - 2016-11-02 04:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-08 14:56 - 2016-11-02 04:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-08 14:56 - 2016-11-02 04:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-08 14:56 - 2016-11-02 04:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-08 14:56 - 2016-11-02 04:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-08 14:56 - 2016-11-02 04:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-08 14:56 - 2016-11-02 04:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-08 14:56 - 2016-11-02 04:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-08 14:56 - 2016-11-02 04:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 14:56 - 2016-11-02 04:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-08 14:56 - 2016-11-02 04:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-08 14:56 - 2016-11-02 04:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-08 14:56 - 2016-11-02 04:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 14:56 - 2016-11-02 04:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-08 14:56 - 2016-11-02 04:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-08 14:56 - 2016-11-02 04:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-08 14:56 - 2016-11-02 04:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-08 14:56 - 2016-11-02 04:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 14:56 - 2016-11-02 04:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-08 14:56 - 2016-11-02 04:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-08 14:56 - 2016-11-02 04:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-08 14:56 - 2016-11-02 04:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-08 14:56 - 2016-11-02 04:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-08 14:56 - 2016-11-02 03:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-08 14:56 - 2016-11-02 03:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-10-28 16:49 - 2016-10-28 16:49 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-10-27 12:17 - 2016-10-14 22:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-27 12:17 - 2016-10-14 22:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-27 12:17 - 2016-10-14 22:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-27 12:17 - 2016-10-14 22:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-27 12:17 - 2016-10-14 22:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-27 12:17 - 2016-10-14 22:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-27 12:17 - 2016-10-14 22:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-27 12:16 - 2016-10-14 22:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-27 12:16 - 2016-10-14 22:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-27 12:16 - 2016-10-14 22:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-27 12:16 - 2016-10-14 22:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-27 12:16 - 2016-10-14 22:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-27 12:16 - 2016-10-14 22:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-27 12:16 - 2016-10-14 22:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-27 12:16 - 2016-10-14 22:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-27 12:16 - 2016-10-14 22:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-27 12:16 - 2016-10-14 22:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-27 12:16 - 2016-10-14 22:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-27 12:16 - 2016-10-14 22:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-27 12:16 - 2016-10-14 22:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-27 12:16 - 2016-10-14 22:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-27 12:16 - 2016-10-14 22:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-27 12:16 - 2016-10-14 22:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-27 12:16 - 2016-10-14 22:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-27 12:16 - 2016-10-14 21:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-27 12:16 - 2016-10-14 21:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-27 12:16 - 2016-10-14 21:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-27 12:16 - 2016-10-14 21:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-27 12:16 - 2016-10-14 21:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-27 12:16 - 2016-10-14 21:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-27 12:16 - 2016-10-14 21:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-27 12:16 - 2016-10-14 21:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-27 12:16 - 2016-10-14 21:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-27 12:16 - 2016-10-14 21:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-27 12:16 - 2016-10-14 21:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-27 12:16 - 2016-10-14 21:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-27 12:16 - 2016-10-14 21:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-27 12:16 - 2016-10-14 21:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-27 12:16 - 2016-10-14 21:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-27 12:16 - 2016-10-14 21:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-27 12:16 - 2016-10-14 21:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

Offline pastywhitegurl

Re: Rogue: JS/TechBroloba.B
« Reply #5 on: November 15, 2016, 12:28:28 AM »
2016-10-27 12:16 - 2016-10-14 21:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-27 12:16 - 2016-10-14 21:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-27 12:16 - 2016-10-14 21:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-27 12:16 - 2016-10-14 21:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-27 12:16 - 2016-10-14 21:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 12:16 - 2016-10-14 21:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-27 12:16 - 2016-10-14 21:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-27 12:16 - 2016-10-14 21:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 12:16 - 2016-10-14 21:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-27 12:16 - 2016-10-14 21:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-27 12:16 - 2016-10-14 21:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 12:16 - 2016-10-14 21:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-27 12:16 - 2016-10-14 21:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-27 12:16 - 2016-10-14 21:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-27 12:16 - 2016-10-14 21:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-27 12:16 - 2016-10-14 21:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-27 12:16 - 2016-10-14 21:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-27 12:16 - 2016-10-14 21:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-27 12:16 - 2016-10-14 21:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-27 12:16 - 2016-10-14 21:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-27 12:16 - 2016-10-14 21:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-27 12:16 - 2016-10-14 21:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-27 12:16 - 2016-10-14 21:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-27 12:16 - 2016-10-14 21:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-27 12:16 - 2016-10-14 21:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-27 12:16 - 2016-10-14 21:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-27 12:16 - 2016-10-14 21:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-27 12:12 - 2016-10-14 22:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-27 12:12 - 2016-10-14 22:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-27 12:12 - 2016-10-14 22:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-27 12:12 - 2016-10-14 22:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-27 12:12 - 2016-10-14 21:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-27 12:12 - 2016-10-14 21:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-27 12:12 - 2016-10-14 21:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-27 12:12 - 2016-10-14 21:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-27 12:12 - 2016-10-14 21:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-27 12:12 - 2016-10-14 21:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-27 12:12 - 2016-10-14 21:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-27 12:12 - 2016-10-14 21:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-27 12:12 - 2016-10-14 21:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-27 12:12 - 2016-10-14 21:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-27 12:11 - 2016-10-14 22:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-27 12:11 - 2016-10-14 22:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-27 12:11 - 2016-10-14 22:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-27 12:11 - 2016-10-14 22:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-27 12:11 - 2016-10-14 22:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-27 12:11 - 2016-10-14 22:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-27 12:11 - 2016-10-14 22:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-27 12:11 - 2016-10-14 22:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-27 12:11 - 2016-10-14 22:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-27 12:11 - 2016-10-14 22:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-27 12:11 - 2016-10-14 22:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-27 12:11 - 2016-10-14 22:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-27 12:11 - 2016-10-14 22:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-27 12:11 - 2016-10-14 22:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-27 12:11 - 2016-10-14 22:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-27 12:11 - 2016-10-14 22:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-27 12:11 - 2016-10-14 22:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-27 12:11 - 2016-10-14 22:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-27 12:11 - 2016-10-14 21:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-27 12:11 - 2016-10-14 21:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-27 12:11 - 2016-10-14 21:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-27 12:11 - 2016-10-14 21:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-27 12:11 - 2016-10-14 21:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-27 12:11 - 2016-10-14 21:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-27 12:11 - 2016-10-14 21:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-27 12:11 - 2016-10-14 21:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-27 12:11 - 2016-10-14 21:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-27 12:11 - 2016-10-14 21:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-27 12:11 - 2016-10-14 21:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-27 12:11 - 2016-10-14 21:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-27 12:11 - 2016-10-14 21:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-27 12:11 - 2016-10-14 21:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-27 12:11 - 2016-10-14 21:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-27 12:11 - 2016-10-14 21:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-27 12:11 - 2016-10-14 21:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-27 12:11 - 2016-10-14 21:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-27 12:11 - 2016-10-14 21:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-27 12:11 - 2016-10-14 21:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-27 12:11 - 2016-10-14 21:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-27 12:11 - 2016-10-14 21:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-27 12:11 - 2016-10-14 21:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 12:11 - 2016-10-14 21:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-27 12:11 - 2016-10-14 21:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 12:11 - 2016-10-14 21:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-27 12:11 - 2016-10-14 21:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 12:11 - 2016-10-14 21:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-27 12:11 - 2016-10-14 21:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-27 12:11 - 2016-10-14 21:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-27 12:11 - 2016-10-14 21:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-27 12:11 - 2016-10-14 21:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-27 12:11 - 2016-10-14 21:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-27 12:11 - 2016-10-14 21:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-27 12:11 - 2016-10-14 21:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-27 12:11 - 2016-10-14 21:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-27 12:11 - 2016-10-14 21:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-27 12:11 - 2016-10-14 21:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-27 12:11 - 2016-10-14 21:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-27 12:11 - 2016-10-14 21:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-27 12:11 - 2016-10-14 21:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-27 12:11 - 2016-10-14 21:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-27 12:11 - 2016-10-14 21:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-27 12:11 - 2016-10-14 21:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-27 12:11 - 2016-10-14 21:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-27 12:11 - 2016-10-14 21:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-27 12:11 - 2016-08-26 23:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-27 12:11 - 2016-08-05 22:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-27 12:10 - 2016-10-14 22:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-27 12:10 - 2016-10-14 22:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-27 12:10 - 2016-10-14 22:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-27 12:10 - 2016-10-14 22:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-27 12:10 - 2016-10-14 22:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-27 12:10 - 2016-10-14 22:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-27 12:10 - 2016-10-14 22:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-27 12:10 - 2016-10-14 22:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-27 12:10 - 2016-10-14 22:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-27 12:10 - 2016-10-14 22:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-27 12:10 - 2016-10-14 22:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-27 12:10 - 2016-10-14 22:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-27 12:10 - 2016-10-14 22:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-27 12:10 - 2016-10-14 22:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-27 12:10 - 2016-10-14 22:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-27 12:10 - 2016-10-14 22:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-27 12:10 - 2016-10-14 22:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-27 12:10 - 2016-10-14 22:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-27 12:10 - 2016-10-14 21:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-27 12:10 - 2016-10-14 21:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-27 12:10 - 2016-10-14 21:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-27 12:10 - 2016-10-14 21:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-27 12:10 - 2016-10-14 21:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-27 12:10 - 2016-10-14 21:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-27 12:10 - 2016-10-14 21:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-27 12:10 - 2016-10-14 21:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-27 12:10 - 2016-10-14 21:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-27 12:10 - 2016-10-14 21:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-27 12:10 - 2016-10-14 21:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-27 12:10 - 2016-10-14 21:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-27 12:10 - 2016-10-14 21:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-27 12:10 - 2016-10-14 21:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-27 12:10 - 2016-10-14 21:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-27 12:10 - 2016-10-14 21:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-27 12:10 - 2016-10-14 21:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-27 12:10 - 2016-10-14 21:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-27 12:10 - 2016-10-14 21:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-27 12:10 - 2016-10-14 21:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-27 12:10 - 2016-10-14 21:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-27 12:10 - 2016-10-14 21:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-27 12:10 - 2016-10-14 21:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-27 12:10 - 2016-10-14 21:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-27 12:10 - 2016-10-14 21:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-27 12:10 - 2016-10-14 21:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-27 12:10 - 2016-10-14 21:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-27 12:10 - 2016-10-14 21:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-27 12:10 - 2016-10-14 21:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-27 12:10 - 2016-10-14 21:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-27 12:10 - 2016-10-14 21:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-27 12:10 - 2016-09-10 07:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-26 09:24 - 2016-10-26 09:24 - 06647224 _____ (Tim Kosse) C:\Users\Helena\Downloads\FileZilla_3.22.1_win64-setup.exe
2016-10-17 14:09 - 2016-10-17 14:09 - 00218814 _____ C:\Users\Helena\Documents\Sample_Ballot_nov16.pdf
2016-10-17 13:08 - 2016-10-17 13:08 - 00001410 _____ C:\Users\Helena\Documents\VoterGuide2016.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 19:36 - 2016-09-15 11:04 - 01103184 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-14 19:32 - 2014-05-10 18:51 - 00000000 ____D C:\Users\Helena\AppData\Roaming\Skype
2016-11-14 19:31 - 2014-05-10 16:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-14 19:30 - 2016-09-15 11:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-14 19:30 - 2016-09-15 11:05 - 00000000 ____D C:\Users\Helena
2016-11-14 19:29 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-11-14 19:15 - 2015-12-07 11:14 - 00000000 ____D C:\Users\Helena\Documents\THM
2016-11-14 18:47 - 2016-09-15 10:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-14 15:07 - 2015-08-08 21:50 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 15:07 - 2014-05-10 18:30 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 09:44 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-13 08:56 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-13 08:05 - 2015-08-09 20:39 - 00000000 ____D C:\Users\Helena\Documents\BackupsWin10
2016-11-11 19:47 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-11 13:54 - 2016-02-01 17:44 - 00003581 _____ C:\Users\Helena\Desktop\TodaysNotes.txt
2016-11-10 13:59 - 2016-09-15 11:25 - 00003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1421088487
2016-11-10 13:59 - 2015-01-12 12:48 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-11-10 13:59 - 2015-01-12 12:48 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-09 18:00 - 2015-08-07 22:01 - 00001086 _____ C:\Users\Helena\Desktop\magicJack.lnk
2016-11-09 18:00 - 2015-08-07 22:01 - 00001072 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2016-11-09 18:00 - 2015-08-07 22:01 - 00000000 ____D C:\Users\Helena\AppData\Roaming\mjusbsp
2016-11-09 17:56 - 2015-08-08 21:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-09 17:51 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-09 17:40 - 2016-09-15 10:59 - 02213608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-09 17:40 - 2014-06-12 23:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-09 17:38 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 17:38 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 17:38 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 17:37 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 17:37 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 17:37 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 17:30 - 2015-09-14 17:16 - 00000000 ____D C:\Users\Helena\Documents\Doctor
2016-11-09 16:50 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 16:35 - 2014-05-10 14:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 16:27 - 2014-05-10 14:21 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 04:51 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-08 04:51 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-06 19:03 - 2015-04-01 11:39 - 00000000 ____D C:\Users\Helena\AppData\Local\CrashDumps
2016-11-06 09:45 - 2016-01-25 10:51 - 00000840 _____ C:\Users\Helena\Desktop\SpamrJS.txt
2016-11-04 12:26 - 2014-05-10 18:29 - 00000000 ____D C:\Users\Helena\AppData\Local\Google
2016-10-29 08:11 - 2014-05-10 18:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-29 08:11 - 2014-05-10 18:50 - 00000000 ____D C:\ProgramData\Skype
2016-10-28 17:56 - 2016-07-16 05:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 17:56 - 2016-07-16 05:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-28 16:49 - 2016-09-15 11:05 - 00000000 ____D C:\Users\DefaultAppPool
2016-10-28 15:48 - 2010-11-20 21:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-27 22:06 - 2015-01-02 19:59 - 00000000 ____D C:\Users\Helena\Documents\Dance
2016-10-27 15:52 - 2014-05-11 16:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-27 15:49 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-27 15:49 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-10-27 15:48 - 2016-07-16 05:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-27 15:31 - 2015-07-30 16:18 - 00040924 __RSH C:\ProgramData\ntuser.pol
2016-10-27 15:31 - 2014-05-14 16:57 - 00000000 ____D C:\ProgramData\TEMP
2016-10-27 15:31 - 2014-05-14 16:57 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-10-26 21:24 - 2015-03-26 11:28 - 00000600 _____ C:\Users\Helena\AppData\Local\PUTTY.RND
2016-10-26 21:24 - 2014-05-12 10:35 - 00000000 ____D C:\Users\Helena\AppData\Roaming\FileZilla
2016-10-23 12:25 - 2014-05-11 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-22 18:07 - 2014-05-12 17:35 - 00000000 ____D C:\Users\Helena\Documents\ScriptFiles
2016-10-22 09:44 - 2014-05-12 08:41 - 00000000 ____D C:\Users\Helena\Documents\HCG
2016-10-15 22:12 - 2014-05-13 11:06 - 00000000 ____D C:\Users\Helena\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-03-26 11:28 - 2016-10-26 21:24 - 0000600 _____ () C:\Users\Helena\AppData\Local\PUTTY.RND
2016-10-05 17:33 - 2016-10-05 17:33 - 0001515 _____ () C:\Users\Helena\AppData\Local\recently-used.xbel
2014-05-25 17:06 - 2014-05-25 21:11 - 0007597 _____ () C:\Users\Helena\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Helena\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-11 18:43

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Helena (14-11-2016 19:47:09)
Running from C:\Users\Helena\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-15 17:29:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-831887293-3776352801-720962199-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-831887293-3776352801-720962199-503 - Limited - Disabled)
Guest (S-1-5-21-831887293-3776352801-720962199-501 - Limited - Disabled)
Helena (S-1-5-21-831887293-3776352801-720962199-1001 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-831887293-3776352801-720962199-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.21.0 (HKLM-x32\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Image Retriever (HKLM-x32\...\{5F0EECDE-4C30-48A0-AEFD-9F3E06811465}) (Version: 11.0 - Nuance Communications, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lexmark 2200 Series (HKLM\...\Lexmark 2200 Series) (Version:  - Lexmark International, Inc.)
LibreOffice 5.1.5.2 (HKLM\...\{DDDB2EB8-D3A0-484A-BB24-9611754D29C4}) (Version: 5.1.5.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Exploit version 1.9.1.1235 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1235 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
OmniPage (HKLM-x32\...\{0FEAC8E3-FBBD-4C01-BB2F-3EA7AD374757}) (Version: 18.1.0001 - Nuance Communications, Inc.)
Opera Stable 41.0.2353.56 (HKLM-x32\...\Opera 41.0.2353.56) (Version: 41.0.2353.56 - Opera Software)
Pale Moon 26.2.2 (x86 en-US) (HKLM-x32\...\Pale Moon 26.2.2 (x86 en-US)) (Version: 26.2.2 - Moonchild Productions)
PaperPort (HKLM-x32\...\{760F8DD0-D8A0-44A4-9F15-58051A68D633}) (Version: 14.2.0001 - Nuance Communications, Inc.)
PaperPort Image Printer (HKLM\...\{CA925CBC-6B0D-40E1-BE59-193DA7DAE920}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Viewer (HKLM-x32\...\{5A90D3BD-E31D-40B4-8005-6D6B6C6B300E}) (Version: 7.20.3219 - Nuance Communications, Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
View User's Guide (HKLM-x32\...\Xerox View User Guide ) (Version: 3.60.45.0 - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (x32 Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files (x86)\SumatraPDF\PdfPreview.dll ()
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Helena\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A327E14-3348-4D82-BA9F-3D9156844511} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F5FF165-2F20-44BA-A566-AE70B1099F0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {26EA4B1A-5F1F-46D0-ADB9-64874994F0DB} - System32\Tasks\{26FF5CE4-1B64-467B-A8F9-E1AFBECA0043} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {2A914597-8D60-4C8A-845F-7C6B9698411F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2D14430F-8DB9-4A17-9A63-376EE205AC65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2E8E42A5-F56B-4DE6-A637-EE8D789B1E85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2F2C7ACA-653A-4FDE-A4CE-64EA6782585A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {403DA6FD-63E7-4F7E-9F2A-0D545410941E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4A2D6DA0-C4C3-4A29-B406-D1B7B2F023FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {4E4B3A1F-D3EF-4B93-8C97-DD8311791331} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5018044F-1249-422F-B10A-B9DD873E0960} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5691B2A8-0468-4C5C-87DD-CFA539E133B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5C49D707-0536-4429-927F-D2E3D2E3BC61} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {664C72E0-6F6F-4434-8666-078F779767E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6E227D86-F9B2-46DD-80F4-7FDD3F52F855} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79269E68-B26F-4D8B-8166-7BF427E3FB12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {7C8CB8C9-96A6-441F-8406-88CA84AE83D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8F4859CD-A309-4B7C-9F48-45A6291CB2F1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {95FDAEA4-23C5-4AAB-B63B-E1EDB5EDAABA} - System32\Tasks\Opera scheduled Autoupdate 1421088487 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-07] (Opera Software)
Task: {A306B988-0803-47CB-A79A-492090766EF2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A51DE8EF-2078-40EB-BA7D-EC285D170034} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B687CEBE-FA8A-4F43-8016-F92A8D5862E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B736A8E9-DC93-4966-AA4D-361D92FCD3D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B8766A92-DE8B-462F-BB51-DB4FFFF2E74E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BBFBE970-925D-4581-A00D-EE4177311E62} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {BCD07FC1-F311-442F-8093-A5A7B42733F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C659F16F-A4C3-45C9-B031-2805B488C642} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CCD1F11C-B071-4FCF-8347-FFDE2827B4DB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D1A48D50-B86C-4E1B-8681-E1D5AFE251B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3DD5E21-E529-4A67-860E-FA96754EE492} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E0612474-1111-4866-BE32-277060951C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EEDE1370-0002-495D-A32F-C4061417EDF6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F1113B51-1D61-4A41-B21F-92142178CB98} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3384579-64DC-40C1-B982-CFAA66121805} - System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE} => pcalua.exe -a C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {F4433939-EA79-44A2-B68E-86991B328547} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F943D144-419E-4482-B61E-002605CE1FEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FF951149-F1E6-4A15-A0E4-7AD3B71A8257} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 16:12 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-05-14 15:57 - 2011-04-10 23:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2006-12-04 00:26 - 2006-12-04 00:26 - 00022016 _____ () C:\WINDOWS\System32\sugo3l6.dll
2016-04-06 17:00 - 2013-12-10 05:11 - 00034304 _____ () C:\WINDOWS\System32\sxa6mlm.dll
2016-01-03 20:23 - 2014-04-16 02:22 - 00029184 _____ () C:\WINDOWS\System32\usp02l.dll
2016-01-03 20:27 - 2014-11-26 05:07 - 00118576 _____ () C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
2016-04-06 15:32 - 2013-02-22 12:29 - 00365568 _____ () C:\WINDOWS\system32\SaMinDrv.dll
2014-05-15 19:02 - 2014-05-15 19:02 - 00091136 _____ () C:\WINDOWS\system32\ssdevm64.dll
2016-09-29 16:12 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-16 11:37 - 2016-09-16 11:37 - 01864384 _____ () C:\Users\Helena\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-15 13:53 - 2016-09-15 13:53 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 14:57 - 2016-11-02 04:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 14:57 - 2016-11-02 04:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 14:57 - 2016-11-02 04:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 14:57 - 2016-11-02 04:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 14:57 - 2016-11-02 04:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 14:57 - 2016-11-02 04:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 14:57 - 2016-11-02 04:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-11-04 21:29 - 2016-11-04 21:29 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-04 21:29 - 2016-11-04 21:29 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-04 21:29 - 2016-11-04 21:29 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00056696 _____ () C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-831887293-3776352801-720962199-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{92754EFD-8A92-46B5-8D3B-18728758B5B8}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{49E21789-99A7-4F11-AA7F-902C401DE6CA}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe
FirewallRules: [{58E8E43C-3E07-4AA5-8463-B6DC3EC1251F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe
FirewallRules: [{AF3FD539-0C98-407C-8E64-4D2470D3C642}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{63FF7ED6-45DF-4FE2-92E9-FE88DA8C4D85}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{325F527D-106B-45B9-94BF-B2BEDE48E772}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe
FirewallRules: [{FC6ED370-2564-4DA1-969A-62828079D9F8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe
FirewallRules: [{062919F5-8F2C-496A-89B5-11DDD1147074}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe
FirewallRules: [{33DD97EF-6A44-4205-99A3-371D0665ACFC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe
FirewallRules: [{344089DB-4519-432A-9CDB-FC6C5473BE44}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe
FirewallRules: [{9D92BF02-4743-4266-80A1-9428548084FB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe
FirewallRules: [{D3023B7A-56DD-46F9-B919-EDADA94759A0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe
FirewallRules: [{86FF4CF8-51A0-4803-8853-751A89DF3B23}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe
FirewallRules: [{36E93662-45C6-4463-979B-627008168B24}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe
FirewallRules: [{97781A04-8AC0-48C4-87A4-05B66E37453B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe
FirewallRules: [{C982AB76-982C-4F99-83E2-B5402F8296B4}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{CC31AB0D-BFD9-4242-B9ED-6F56C324851D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{BCDE1B16-8B65-48D7-99AE-27DC5D4F2226}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe
FirewallRules: [{C6440625-AF29-4CAC-9A7B-120BA1331F83}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe
FirewallRules: [{79AD34C0-4270-4780-9B42-33C6CBD00962}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe
FirewallRules: [{54575F65-E526-489C-9952-E03369823C15}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe
FirewallRules: [{DD8E5967-8B47-44AB-9D20-23D6CEA8DC05}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe
FirewallRules: [{2D49D126-F83E-45FB-90B1-DC424D46040A}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe
FirewallRules: [UDP Query User{79274DEA-4344-49BA-8447-DB3B44C2F54B}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{35B14486-AA8A-4F27-8D68-1C86ABCD48A8}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{6512DF6B-F01F-4965-966F-5C4C5DEB93EC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{C1E18C13-5610-4FA2-89ED-612D6B2751ED}] => (Allow) C:\Windows\System32\lxbvcoms.exe
FirewallRules: [{9DDE1097-BE1F-46D8-8E56-B60B562F6543}] => (Allow) C:\Windows\System32\lxbvcoms.exe
FirewallRules: [UDP Query User{EB7C78DD-60AE-43FB-93BE-9D3E3D020F77}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{20DC34DB-A30B-4DBF-831B-A54379AAE580}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe
FirewallRules: [TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe
FirewallRules: [{20F4B574-F3CA-4515-89E5-A825B42C24BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEEB081D-8416-421B-9299-152874C3DE33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{774F924B-F8EE-42C4-99DE-DE4467682134}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe
FirewallRules: [{9F9CEA1B-2A67-4102-8221-8A71F04EC115}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe
FirewallRules: [{20D52E51-1A40-48EF-A190-605002395C88}] => (Allow) C:\Windows\System32\lxbvcoms.exe
FirewallRules: [{C960470E-1338-4F34-B0C5-51DF60DFCC0B}] => (Allow) C:\Windows\System32\lxbvcoms.exe
FirewallRules: [{41A76461-A847-4ED3-ADDF-2B14667B1B14}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe
FirewallRules: [{51F55BA3-98FB-47DE-A789-E7D769386793}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe
FirewallRules: [UDP Query User{F5976D48-B0AD-4171-8854-3F83EAFCF912}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9A151D56-8271-4E2A-828C-193DE19CAEE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{DF1720A9-63DB-4188-BD7D-1B35A9CC68FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{C13A1328-23FF-47A6-9A2A-C5B9CFF77D87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{DEDCAF4E-2043-4198-B1E2-F4C327C093E4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5AB136F-A188-4D45-B211-E8699A1257E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DBA3833-7704-41D7-BF87-0B1555D2427D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3B03BF7-A420-4045-96A8-F9E72281B4A9}] => (Allow) C:\Windows\System32\lxbvcoms.exe
FirewallRules: [{620EA53E-5F9B-46A0-AE0C-B833A7B6B783}] => (Allow) C:\Windows\System32\lxbvcoms.exe
FirewallRules: [{E8B4DE4F-7066-4F9A-BE6D-E56032C79AFF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-10-2016 15:16:05 Scheduled Checkpoint
09-11-2016 16:21:16 Windows Update
14-11-2016 19:19:53 removed threat. then installed mbam anti-exploit

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2016 07:20:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/10/2016 11:06:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/09/2016 06:04:59 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: Helena-PC)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (11/09/2016 04:22:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/07/2016 11:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/06/2016 07:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 10.0.0.0, time stamp: 0x4601eae8
Faulting module name: ntdll.dll, version: 10.0.14393.351, time stamp: 0x5801a3a8
Exception code: 0xc0000005
Fault offset: 0x00026d99
Faulting process id: 0xea0
Faulting application start time: 0x01d237a5298d6a05
Faulting application path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 793342f4-ef04-4027-8961-f4dcaceee80b
Faulting package full name:
Faulting package-relative application ID:

Error: (11/03/2016 02:56:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 49.0.2.6136, time stamp: 0x5807c043
Faulting module name: mozglue.dll, version: 49.0.2.6136, time stamp: 0x5807b9a7
Exception code: 0x80000003
Fault offset: 0x0000e83e
Faulting process id: 0xf04
Faulting application start time: 0x01d2360b7fef8ea8
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: c33fef53-65fa-4daa-a39f-894d84df73cb
Faulting package full name:
Faulting package-relative application ID:

Error: (11/01/2016 05:25:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Helena-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/31/2016 10:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (10/27/2016 04:12:23 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: Helena-PC)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.


System errors:
=============
Error: (11/14/2016 07:30:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2016 07:30:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/13/2016 01:10:53 PM) (Source: DCOM) (EventID: 10016) (User: Helena-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Helena-PC\Helena SID (S-1-5-21-831887293-3776352801-720962199-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 01:10:53 PM) (Source: DCOM) (EventID: 10016) (User: Helena-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Helena-PC\Helena SID (S-1-5-21-831887293-3776352801-720962199-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 01:10:53 PM) (Source: DCOM) (EventID: 10016) (User: Helena-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Helena-PC\Helena SID (S-1-5-21-831887293-3776352801-720962199-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 01:10:52 PM) (Source: DCOM) (EventID: 10016) (User: Helena-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Helena-PC\Helena SID (S-1-5-21-831887293-3776352801-720962199-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 01:10:52 PM) (Source: DCOM) (EventID: 10016) (User: Helena-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Helena-PC\Helena SID (S-1-5-21-831887293-3776352801-720962199-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 01:10:52 PM) (Source: DCOM) (EventID: 10016) (User: Helena-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Helena-PC\Helena SID (S-1-5-21-831887293-3776352801-720962199-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 01:10:52 PM) (Source: DCOM) (EventID: 10016) (User: Helena-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Helena-PC\Helena SID (S-1-5-21-831887293-3776352801-720962199-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2016 01:11:06 PM) (Source: DCOM) (EventID: 10016) (User: Helena-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Helena-PC\Helena SID (S-1-5-21-831887293-3776352801-720962199-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 43%
Total physical RAM: 3956.61 MB
Available physical RAM: 2230.85 MB
Total Virtual: 7924.61 MB
Available Virtual: 5954.37 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:927.32 GB) (Free:865.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C07CF236)
Partition 1: (Active) - (Size=3.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=927.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================



Corrine (Administrator)
Re: Rogue: JS/TechBroloba.B
« Reply #6 on: November 15, 2016, 01:26:22 PM »
Nothing earth-shattering there.  In fact, mainly just a bit of cleanup of the left-over GWX files from the upgrade to Windows 10 and one temp file.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code:
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Task: {2E8E42A5-F56B-4DE6-A637-EE8D789B1E85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2F2C7ACA-653A-4FDE-A4CE-64EA6782585A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4E4B3A1F-D3EF-4B93-8C97-DD8311791331} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5018044F-1249-422F-B10A-B9DD873E0960} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {664C72E0-6F6F-4434-8666-078F779767E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8F4859CD-A309-4B7C-9F48-45A6291CB2F1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A306B988-0803-47CB-A79A-492090766EF2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B736A8E9-DC93-4966-AA4D-361D92FCD3D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B8766A92-DE8B-462F-BB51-DB4FFFF2E74E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CCD1F11C-B071-4FCF-8347-FFDE2827B4DB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D1A48D50-B86C-4E1B-8681-E1D5AFE251B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {FF951149-F1E6-4A15-A0E4-7AD3B71A8257} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST.exe | FRST64.exe
    • Please post the log in your next reply.

FYI:  Firefox version 50 has been released and includes security updates (although the information about the security updates hasn't been posted at the time of this reply).

Going back outside to do some more yard work (lots of fall cleanup!)  Please let me know if you get any additional messages from Windows Defender.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

pastywhitegurl
Re: Rogue: JS/TechBroloba.B
« Reply #7 on: November 15, 2016, 03:16:17 PM »
Have run the fix as directed. Logs follow.  So far I'm noticing that my login-cookies are gone on sites I visit, but otherwise things seem fine.

I was a little concerned that the tool took a relatively very long time removing the temporary files for:
C:\Users\Helena\AppData\Local\MOZILLA\FIREFOX\PROFILES

since that is the directory where the malware was found by Defender.  I was sitting there wondering if it was going to hang up there.   Does that mean anything that it took so long?

I'll update Firefox as soon as I get the notice through the internal updater.


=====================

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Helena (15-11-2016 10:49:02) Run:1
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena (Available Profiles: Helena & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Task: {2E8E42A5-F56B-4DE6-A637-EE8D789B1E85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2F2C7ACA-653A-4FDE-A4CE-64EA6782585A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4E4B3A1F-D3EF-4B93-8C97-DD8311791331} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5018044F-1249-422F-B10A-B9DD873E0960} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {664C72E0-6F6F-4434-8666-078F779767E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8F4859CD-A309-4B7C-9F48-45A6291CB2F1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A306B988-0803-47CB-A79A-492090766EF2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B736A8E9-DC93-4966-AA4D-361D92FCD3D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B8766A92-DE8B-462F-BB51-DB4FFFF2E74E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CCD1F11C-B071-4FCF-8347-FFDE2827B4DB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D1A48D50-B86C-4E1B-8681-E1D5AFE251B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {FF951149-F1E6-4A15-A0E4-7AD3B71A8257} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E8E42A5-F56B-4DE6-A637-EE8D789B1E85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E8E42A5-F56B-4DE6-A637-EE8D789B1E85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F2C7ACA-653A-4FDE-A4CE-64EA6782585A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2C7ACA-653A-4FDE-A4CE-64EA6782585A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E4B3A1F-D3EF-4B93-8C97-DD8311791331}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E4B3A1F-D3EF-4B93-8C97-DD8311791331}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5018044F-1249-422F-B10A-B9DD873E0960}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5018044F-1249-422F-B10A-B9DD873E0960}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{664C72E0-6F6F-4434-8666-078F779767E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664C72E0-6F6F-4434-8666-078F779767E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F4859CD-A309-4B7C-9F48-45A6291CB2F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4859CD-A309-4B7C-9F48-45A6291CB2F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A306B988-0803-47CB-A79A-492090766EF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A306B988-0803-47CB-A79A-492090766EF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B736A8E9-DC93-4966-AA4D-361D92FCD3D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B736A8E9-DC93-4966-AA4D-361D92FCD3D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8766A92-DE8B-462F-BB51-DB4FFFF2E74E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8766A92-DE8B-462F-BB51-DB4FFFF2E74E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCD1F11C-B071-4FCF-8347-FFDE2827B4DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCD1F11C-B071-4FCF-8347-FFDE2827B4DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1A48D50-B86C-4E1B-8681-E1D5AFE251B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1A48D50-B86C-4E1B-8681-E1D5AFE251B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF951149-F1E6-4A15-A0E4-7AD3B71A8257}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF951149-F1E6-4A15-A0E4-7AD3B71A8257}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 156883292 B
Java, Flash, Steam htmlcache => 14638 B
Windows/system/drivers => 6242785 B
Edge => 12797340 B
Chrome => 487873085 B
Firefox => 113605919 B
Opera => 141678003 B

Temp, IE cache, history, cookies, recent:
Default => 49852 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18042 B
NetworkService => 649218 B
Helena => 285805617 B
DefaultAppPool => 43694 B

RecycleBin => 255096629 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:55:36 ====
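The fixlist in Reply #6 and the fixlog above act on two kinds of artifact: scheduled-task entries that exist only in the registry (TaskCache keys whose task XML file is gone, which FRST reports as "-> No File"), and Chrome settings pinned by policy (HKLM\SOFTWARE\Policies\Google plus the local GroupPolicy folder). The PowerShell below is an added, read-only example written for this page; it is not from the thread, from FRST or from its author. It reproduces those two checks so a reader can see where the flagged items live before or after a fix. The function names, the assumed set of TaskCache index subkeys (Plain, Logon, Boot, Maintenance) and the Registry.pol scan are this example's own.

```powershell
# Added example, not part of the thread, FRST or its author's method.
# Read-only reproduction of two checks behind the fixlist above:
#   1. TaskCache\Tasks entries whose task XML under %SystemRoot%\System32\Tasks
#      is missing (what FRST prints as "Task: {GUID} - \path -> No File").
#   2. Chrome policy left in the registry or in a local Registry.pol
#      (what FRST prints as "GroupPolicy: Restriction - Chrome" and
#      "CHR HKLM\SOFTWARE\Policies\Google: Restriction").
# Run from an elevated PowerShell: TaskCache\Tasks is not readable by a
# standard user. Nothing here deletes anything.

$TaskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$TaskRoot  = Join-Path $env:SystemRoot 'System32\Tasks'
# Index subkeys that may also reference a task id (assumed set; the fixlog
# above shows Plain and Logon being removed alongside Tasks and Tree).
$IndexKeys = 'Plain', 'Logon', 'Boot', 'Maintenance'

function Get-OrphanedTaskCacheEntry {
    # Every {GUID} subkey of TaskCache\Tasks carries a 'Path' value such as
    # '\Microsoft\Windows\Setup\gwx\refreshgwxcontent'; its definition file
    # should be System32\Tasks<Path>. No file => orphaned registry entry.
    Get-ChildItem -LiteralPath "$TaskCache\Tasks" -ErrorAction Stop | ForEach-Object {
        $id   = $_.PSChildName
        $path = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).Path
        if (-not $path) { return }                      # entry without a Path value: nothing to check
        $file = Join-Path $TaskRoot $path.TrimStart('\')
        if (Test-Path -LiteralPath $file) { return }    # file present: task is intact
        # Keys a cleanup would have to remove for this id (Tasks, Tree and any index entry)
        $candidates = @("Tasks\$id", "Tree$path") + ($IndexKeys | ForEach-Object { "$_\$id" })
        [pscustomobject]@{
            Id           = $id
            Path         = $path
            MissingFile  = $file
            RegistryKeys = @($candidates | ForEach-Object { "$TaskCache\$_" } |
                            Where-Object { Test-Path -LiteralPath $_ })
        }
    }
}

function Get-ChromePolicyRestriction {
    # Adware pins Chrome settings (homepage, search provider, forced extensions)
    # through policy so the user cannot undo them in the browser UI. Managed
    # enterprise machines set the same keys legitimately, so a hit matters on a
    # home PC that never had policy applied, not on every machine.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Policies\Google"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        (@(Get-Item -LiteralPath $key) + @(Get-ChildItem -LiteralPath $key -Recurse)) | ForEach-Object {
            foreach ($name in $_.Property) {
                [pscustomobject]@{ Source = $_.Name; Name = $name; Data = $_.GetValue($name) }
            }
        }
    }
    # Local GPO files; the fix above moved the whole GroupPolicy\Machine folder.
    # Registry.pol layout: 'PReg' + 4-byte version, then UTF-16LE [key;value;type;size;data] records.
    foreach ($pol in "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
                     "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol") {
        if (-not (Test-Path -LiteralPath $pol)) { continue }
        $bytes = [IO.File]::ReadAllBytes($pol)
        $text  = if ($bytes.Length -gt 8) { [Text.Encoding]::Unicode.GetString($bytes, 8, $bytes.Length - 8) } else { '' }
        [pscustomobject]@{
            Source = $pol
            Name   = 'Registry.pol'
            Data   = if ($text -match 'Software\\Policies\\Google\\Chrome') { 'contains Chrome policy' } else { 'no Chrome policy' }
        }
    }
}

$orphans = @(Get-OrphanedTaskCacheEntry)
"Orphaned TaskCache entries (registry task, no file under $TaskRoot): $($orphans.Count)"
$orphans | Select-Object Id, Path, @{ n = 'KeysToRemove'; e = { $_.RegistryKeys.Count } } | Format-Table -AutoSize
'Chrome policy findings (no rows = none found):'
Get-ChromePolicyRestriction | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt. Orphaned GWX entries like the ones above are harmless clutter left by the Windows 10 upgrade, but the same registry state is where a persistence entry lingers after its payload is deleted, which is why FRST flags every one rather than only suspicious names. A Chrome policy hit is only suspect on a machine that was never centrally managed; note that the fix moved the entire GroupPolicy\Machine folder, so any legitimate local policy went with it.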

Corrine (Administrator)
Re: Rogue: JS/TechBroloba.B
« Reply #8 on: November 15, 2016, 04:14:23 PM »
The Shockwave.exe file connected to FF was in Temp and I don't see that you have Shockwave player installed.  Note from the log:  EmptyTemp: => 1.4 GB temporary data Removed.

Let's run AdwCleaner and JRT, just for that "extra check".

Please download AdwCleaner by Xplode and save to your Desktop.
  • Right-click on AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin.  Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

(Lunch break over, going back outside to do more work!  Yes, I have a large yard with LOTS of trees.  :) )



pastywhitegurl
Re: Rogue: JS/TechBroloba.B
« Reply #9 on: November 15, 2016, 04:49:40 PM »
Yeah, that amount of space the temporary files were taking up was massive.  Wow.


PROBLEM:
I'm not able to download the AdwCleaner from your link.  I got this message:

Firefox can’t find the server at general-changelog-team.fr.   I'll need another way to download it.  Should it have been sending me to a french site to download? That seems odd.


I did successfully download JRT.

Question: I noticed in the scan logs that there is stuff on the computer from a failed installation of WinRansomware.  I had purchased the license for it, and it would not install.  After a brief consult with Brett and reading through more posts on the forum, I didn't proceed with more attempts because so many other Windows 10 people were having issues, and  it seemed too complicated to sort out.

Pete!
Re: Rogue: JS/TechBroloba.B
« Reply #10 on: November 15, 2016, 05:59:19 PM »
I got the same error with Corrine's link.
In case she's busy outside and can't respond...
AdwCleaner is also available via BleepingComputer.
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

pastywhitegurl
Re: Rogue: JS/TechBroloba.B
« Reply #11 on: November 15, 2016, 06:43:19 PM »
Thank you Pete.    I ran the AdwCleaner and got a log. (the computer restarted)  I ran the JRT.exe and a black screen started the scan and was working through the items but after it got to "browsers", it disappeared from the desktop and no log appeared.  An explorer search for the log file name returned nothing.  I turned my security programs back on and will await further instructions on whether to run it again.

Here is the log from the AdwCleaner:

# AdwCleaner v6.030 - Logfile created 15/11/2016 at 14:19:16
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-15.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Helena - HELENA-PC
# Running from : C:\Users\Helena\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-831887293-3776352801-720962199-1001\Software\DriverTuner
[-] Key deleted: HKU\S-1-5-21-831887293-3776352801-720962199-1001\Software\DriverTuner_Init
  • Key deleted on reboot: HKCU\Software\DriverTuner
  • Key deleted on reboot: HKCU\Software\DriverTuner_Init
  • Key deleted on reboot: [x64] HKCU\Software\DriverTuner
  • Key deleted on reboot: [x64] HKCU\Software\DriverTuner_Init


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.aniweather.timeShifted" -  1519192
[-] [C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1463 Bytes] - [15/11/2016 14:19:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [1714 Bytes] - [15/11/2016 14:11:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1609 Bytes] ##########


Corrine (Administrator)
Re: Rogue: JS/TechBroloba.B
« Reply #12 on: November 15, 2016, 11:13:05 PM »
Oops!  I updated my instructions for both AdwCleaner and JRT to provide the new links at Malwarebytes.  (Yes, after the acquisition by Malwarebytes, the original developers are, at least for the foreseeable future, still maintaining both tools separately.)

You don't need to turn off your security programs to run AdwCleaner or JRT.  Since AdwCleaner picked up the DriverTuner registry items, I think you're in good shape.  Had you downloaded/run DriverTuner in the past?  The reason I ask is I'd suggest you check the OEM website for driver updates rather than using 3rd party software.

So, what say you?  Ready to clean up the tools we used?  If so, please do the following:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.



pastywhitegurl
Re: Rogue: JS/TechBroloba.B
« Reply #13 on: November 15, 2016, 11:22:06 PM »
I think that when I was trying to get my old Lexmark scanner to run on Windows 10  that I downloaded some drivers for that. But I thought it was from Lexmark?  It's been a while, so not remembering clearly. I don't recall downloading any other drivers.  But it is possible that Dean did when he was trying to help me.

The JRT instructions said to disable my security software. Maybe that needs to be updated.  So you are saying I don't need to try to run JRT again.  If that's so, then I'm ready for cleanup if you think I am. :)

Unfortunately I'm getting another download error trying to get the Delfix program:

Firefox can’t find the server at general-changelog-team.fr.

I downloaded Delfix from BleepingComputer.  http://www.bleepingcomputer.com/download/delfix/

the file is named:
delfix_1.010

I will not run it until I know it's the right one.

Corrine (Administrator)
Re: Rogue: JS/TechBroloba.B
« Reply #14 on: November 15, 2016, 11:26:07 PM »
Darn!  The people who maintained Delfix are the same ones as AdwCleaner and now part of Malwarebytes.  I'll do some checking.  Otherwise, we'll do a "manual cleanup".  :)

