
Solved Farbar Scans

Discussion in 'Virus & Other Malware Removal' started by debodun, Jan 8, 2017.

    debodun Thread Starter

    I have a system using Windows 7 64-bit for an OS. The last few days I have been getting an error popup when trying to download MSE def updates (code 0x800704e8). I tried to find info on this and some help sites indicate it could be a virus and give complicated instructions on how to remove it. Not sure of what to delete or leave alone or even if I have an infection, I'd like someone to review my Farbar scans and advise. Thanks in advance.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
    Ran by Owner (administrator) on OWNER-PC (08-01-2017 14:53:34)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{E05E619F-5932-445D-9D21-1FC2630E6BEE}: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

    FireFox:
    ========
    FF DefaultProfile: 8wi3sbs5.default-1412761564967
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 [2017-01-08]
    FF Homepage: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.google.com/ncr
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-07] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-07] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-07] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-04] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-08 14:53 - 2017-01-08 14:54 - 00006190 _____ C:\Users\Owner\Desktop\FRST.txt
    2017-01-08 14:52 - 2017-01-08 14:52 - 02419200 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2017-01-08 13:42 - 2017-01-08 13:43 - 138361112 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\mpam-feX64.exe
    2017-01-04 15:00 - 2017-01-04 15:00 - 00111041 _____ C:\Users\Owner\Documents\ME TV.pdf
    2017-01-02 14:16 - 2017-01-02 14:16 - 00014268 _____ C:\Users\Owner\Documents\Budget 2016.ods
    2016-12-19 12:57 - 2017-01-08 10:04 - 00001232 _____ C:\Windows\setupact.log
    2016-12-19 12:57 - 2016-12-19 12:57 - 00000000 _____ C:\Windows\setuperr.log
    2016-12-16 14:40 - 2016-12-16 14:40 - 00011444 _____ C:\Users\Owner\Documents\resolutions.odt
    2016-12-14 12:12 - 2016-11-21 13:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-12-14 12:12 - 2016-11-21 13:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-12-14 12:12 - 2016-11-21 13:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-12-14 12:12 - 2016-11-21 13:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-12-14 12:12 - 2016-11-20 11:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-12-14 12:12 - 2016-11-20 11:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-12-14 12:12 - 2016-11-20 11:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-12-14 12:12 - 2016-11-20 11:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2016-12-14 12:12 - 2016-11-20 11:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-12-14 12:12 - 2016-11-20 11:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-12-14 12:12 - 2016-11-20 11:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-12-14 12:12 - 2016-11-20 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-12-14 12:12 - 2016-11-20 10:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-12-14 12:12 - 2016-11-20 10:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-12-14 12:12 - 2016-11-20 10:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-12-14 12:12 - 2016-11-20 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-12-14 12:12 - 2016-11-20 10:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-12-14 12:12 - 2016-11-20 09:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-12-14 12:12 - 2016-11-17 11:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2016-12-14 12:12 - 2016-11-14 18:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-12-14 12:12 - 2016-11-14 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-12-14 12:12 - 2016-11-12 14:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-12-14 12:12 - 2016-11-12 14:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-12-14 12:12 - 2016-11-12 14:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-12-14 12:12 - 2016-11-12 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-12-14 12:12 - 2016-11-12 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-12-14 12:12 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-12-14 12:12 - 2016-11-12 14:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-12-14 12:12 - 2016-11-12 14:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-12-14 12:12 - 2016-11-12 14:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-12-14 12:12 - 2016-11-12 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-12-14 12:12 - 2016-11-12 14:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-12-14 12:12 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-12-14 12:12 - 2016-11-12 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-12-14 12:12 - 2016-11-12 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-12-14 12:12 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-12-14 12:12 - 2016-11-12 14:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-12-14 12:12 - 2016-11-12 13:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-12-14 12:12 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-12-14 12:12 - 2016-11-12 13:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-12-14 12:12 - 2016-11-12 13:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-12-14 12:12 - 2016-11-12 13:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-12-14 12:12 - 2016-11-12 13:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-12-14 12:12 - 2016-11-12 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-12-14 12:12 - 2016-11-12 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-12-14 12:12 - 2016-11-12 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-12-14 12:12 - 2016-11-12 13:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-12-14 12:12 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-12-14 12:12 - 2016-11-12 13:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-12-14 12:12 - 2016-11-12 13:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-12-14 12:12 - 2016-11-12 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-12-14 12:12 - 2016-11-12 13:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-12-14 12:12 - 2016-11-12 13:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-12-14 12:12 - 2016-11-12 13:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-12-14 12:12 - 2016-11-12 13:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-12-14 12:12 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-12-14 12:12 - 2016-11-12 13:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-12-14 12:12 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-12-14 12:12 - 2016-11-12 13:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-12-14 12:12 - 2016-11-12 13:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-12-14 12:12 - 2016-11-12 13:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-12-14 12:12 - 2016-11-12 13:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-12-14 12:12 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-12-14 12:12 - 2016-11-12 13:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-12-14 12:12 - 2016-11-12 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-12-14 12:12 - 2016-11-12 13:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-12-14 12:12 - 2016-11-12 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-12-14 12:12 - 2016-11-12 12:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-12-14 12:12 - 2016-11-12 12:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-12-14 12:12 - 2016-11-12 12:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-12-14 12:12 - 2016-11-12 12:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-12-14 12:12 - 2016-11-12 12:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-12-14 12:12 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-12-14 12:12 - 2016-11-12 12:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-12-14 12:12 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-12-14 12:12 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-12-14 12:12 - 2016-11-12 12:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-12-14 12:12 - 2016-11-12 12:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-12-14 12:12 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-12-14 12:12 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-12-14 12:12 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-12-14 12:12 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-12-14 12:12 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-12-14 12:12 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-12-14 12:12 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-12-14 12:12 - 2016-11-10 11:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2016-12-14 12:12 - 2016-11-10 11:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2016-12-14 12:12 - 2016-11-09 11:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-12-14 12:12 - 2016-11-09 11:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-12-14 12:12 - 2016-11-09 11:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-12-14 12:12 - 2016-11-09 11:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-12-14 12:12 - 2016-11-09 11:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-12-14 12:12 - 2016-11-09 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-12-14 12:12 - 2016-11-09 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-12-14 12:12 - 2016-11-09 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-12-14 12:12 - 2016-11-09 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-12-14 12:12 - 2016-11-09 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-12-14 12:12 - 2016-11-09 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-12-14 12:12 - 2016-11-09 11:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-12-14 12:12 - 2016-11-09 11:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-12-14 12:12 - 2016-11-09 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-12-14 12:12 - 2016-11-06 11:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-12-14 12:12 - 2016-11-06 11:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-12-14 12:12 - 2016-11-06 11:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-12-14 12:12 - 2016-10-27 10:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2016-12-14 12:12 - 2016-10-27 10:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2016-12-14 12:12 - 2016-10-11 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-12-14 12:12 - 2016-10-11 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-12-14 12:12 - 2016-10-11 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-12-14 12:12 - 2016-10-11 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-12-14 12:12 - 2016-10-11 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-12-14 12:12 - 2016-10-11 10:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-12-14 12:12 - 2016-10-11 10:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 10:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-12-14 12:12 - 2016-10-11 10:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-12-14 12:12 - 2016-10-11 10:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-12-14 12:12 - 2016-10-11 09:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-12-14 12:12 - 2016-10-11 09:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-12-14 12:12 - 2016-10-11 09:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2016-12-14 12:12 - 2016-10-11 09:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-12-14 12:12 - 2016-10-11 09:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-12-14 12:12 - 2016-10-11 09:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-12-14 12:12 - 2016-10-11 09:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-12-14 12:12 - 2016-10-11 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-12-14 12:12 - 2016-10-11 09:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 09:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-12-14 12:12 - 2016-10-11 08:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
    2016-12-14 12:12 - 2016-10-11 08:17 - 00419648 _____ C:\Windows\system32\locale.nls
    2016-12-14 12:12 - 2016-10-08 08:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-12-14 12:12 - 2016-10-04 10:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-12-14 12:12 - 2016-10-04 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-12-14 12:12 - 2016-10-04 10:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-12-14 12:12 - 2016-10-04 10:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-12-14 12:12 - 2016-10-04 10:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-12-14 12:12 - 2016-10-04 10:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-12-14 12:12 - 2016-10-04 10:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-12-14 12:12 - 2016-10-04 10:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2016-12-09 13:15 - 2016-12-09 13:15 - 00019428 _____ C:\Users\Owner\Documents\Christmas Movie Trivia1.odt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-08 14:53 - 2015-05-23 11:52 - 00000000 ____D C:\FRST
    2017-01-08 14:48 - 2016-11-16 12:13 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
    2017-01-08 13:58 - 2013-02-09 10:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-01-08 13:34 - 2012-07-22 08:28 - 00000000 ____D C:\ProgramData\TEMP
    2017-01-08 13:34 - 2012-07-22 08:28 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2017-01-08 10:12 - 2009-07-13 23:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-01-08 10:12 - 2009-07-13 23:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-01-08 10:09 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-01-08 10:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2017-01-08 10:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-01-06 09:23 - 2016-10-01 05:05 - 00010366 _____ C:\Users\Owner\Documents\Weight 2017.ods
    2017-01-03 16:41 - 2014-01-13 18:27 - 00017551 _____ C:\Users\Owner\Documents\Home Delivered Meals.ods
    2017-01-03 13:15 - 2012-09-21 13:05 - 00000000 ____D C:\Users\Owner\Desktop\Margaret
    2017-01-03 09:55 - 2016-12-01 12:52 - 00014707 _____ C:\Users\Owner\Documents\Net Worth 2017.ods
    2017-01-01 07:21 - 2016-01-01 13:04 - 00017385 _____ C:\Users\Owner\Documents\Celebrity Deaths 2016.odt
    2016-12-31 14:46 - 2012-01-12 11:24 - 01261056 _____ C:\Users\Owner\Documents\Cookbook.doc
    2016-12-21 08:16 - 2012-01-12 11:24 - 00010752 _____ C:\Users\Owner\Documents\Equinoxes & Solstices.doc
    2016-12-19 18:35 - 2015-11-30 12:05 - 00009776 _____ C:\Users\Owner\Documents\SCF Picture Directory.odt
    2016-12-19 12:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
    2016-12-18 17:50 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\debug
    2016-12-16 16:54 - 2012-01-12 11:24 - 00000000 ___RD C:\Users\Owner\Desktop\misc house contents
    2016-12-16 16:49 - 2014-10-02 09:03 - 01834116 _____ C:\Users\Owner\Documents\George's writings corrected.odt
    2016-12-16 14:13 - 2012-01-12 11:23 - 00000000 ____D C:\Users\Owner\Desktop\Things For Sale
    2016-12-16 10:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
    2016-12-16 10:08 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\assembly
    2016-12-14 17:13 - 2014-11-07 07:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-12-14 12:58 - 2013-02-09 10:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-12-14 12:58 - 2012-03-31 06:33 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-12-14 12:58 - 2011-12-17 15:43 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-12-14 12:58 - 2011-12-17 15:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-12-14 12:58 - 2011-12-17 15:43 - 00000000 ____D C:\Windows\system32\Macromed
    2016-12-14 12:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
    2016-12-14 12:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\winsxs
    2016-12-14 12:35 - 2009-07-13 21:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
    2016-12-14 12:34 - 2009-07-13 23:45 - 00305528 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-12-14 12:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
    2016-12-14 12:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\en-US
    2016-12-14 12:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\drivers
    2016-12-14 12:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Boot
    2016-12-14 12:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppPatch
    2016-12-14 12:32 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Internet Explorer
    2016-12-14 12:32 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
    2016-12-14 12:28 - 2013-08-14 05:02 - 00000000 ____D C:\Windows\system32\MRT
    2016-12-14 12:23 - 2011-12-17 15:04 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-12-14 12:22 - 2011-12-17 15:41 - 00000000 __SHD C:\Windows\Installer
    2016-12-14 12:20 - 2011-12-17 15:48 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-12-14 12:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\catroot2
    2016-12-09 13:09 - 2015-12-09 14:08 - 00017732 _____ C:\Users\Owner\Documents\Christmas Movie Trivia2.odt

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-08-30 10:37

    ==================== End of FRST.txt ============================




    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
    Ran by Owner (08-01-2017 14:54:40)
    Running from C:\Users\Owner\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2011-12-17 19:41:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3384263181-369055421-3260215636-500 - Administrator - Disabled)
    Guest (S-1-5-21-3384263181-369055421-3260215636-501 - Limited - Disabled)
    Owner (S-1-5-21-3384263181-369055421-3260215636-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
    CCScore (x32 Version: 5.00.0000.0011 - EASTMAN KODAK Company) Hidden
    CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
    EKS Dinner With Moriarty (HKLM-x32\...\EKS Dinner With Moriarty) (Version: - )
    EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version: - )
    ESSBrwr (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    ESSCDBK (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    ESScore (x32 Version: 5.00.0000.0037 - EASTMAN KODAK Company) Hidden
    ESSCT (x32 Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
    ESSgui (x32 Version: 5.00.0000.0013 - EASTMAN KODAK Company) Hidden
    ESShelp (x32 Version: 5.00.0000.0005 - EASTMAN KODAK Company) Hidden
    ESSini (x32 Version: 5.00.0000.0010 - EASTMAN KODAK Company) Hidden
    ESSPCD (x32 Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
    ESSPDock (x32 Version: 5.00.0000.0020 - EASTMAN KODAK Company) Hidden
    ESSSONIC (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    ESSTUTOR (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSvpaht (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSvpot (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
    Free MIDI to MP3 Converter 1.0 (HKLM-x32\...\{181E1175-1FF8-4EA5-BC08-A7CA39B85502}_is1) (Version: - PolySoft Solutions)
    HLPIndex (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
    HLPPDOCK (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
    HLPRFO (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
    Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
    KSU (x32 Version: 632.62.0002.0001 - EASTMAN KODAK Company) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Notifier (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    OTtBP (x32 Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
    OTtBPSDK (x32 Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    QuickTime (HKLM-x32\...\QuickTime) (Version: - )
    SFR (x32 Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
    SHASTA (x32 Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
    SKIN0001 (x32 Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
    SKINXSDK (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    Skype™ 5.5 (HKLM-x32\...\{F1CECE09-7CBE-4E98-B435-DA87CDA86167}) (Version: 5.5.124 - Skype Technologies S.A.)
    Speccy (HKLM\...\Speccy) (Version: 1.14 - Piriform)
    SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
    VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
    VPRINTOL (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
    WIRELESS (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0976F330-BF25-4F6F-B0B1-665D9BF7BCC0} - System32\Tasks\{68760510-2907-489D-B7A2-C35A3446BE71} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22] ()
    Task: {0A0C5E8A-2FCE-4C99-B12F-00B4B70AFB83} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {52D1B772-A164-4976-9597-5BECD9597361} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3384263181-369055421-3260215636-1000
    Task: {5D084169-00AD-4D36-A448-C9A76FB459A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
    Task: {6B4D3DDA-9B0C-4B4E-A917-B9A141F6ED35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
    Task: {722E68A3-3B52-42DF-9580-0CFB871A3C55} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: {80B7199B-A54D-4E09-84AF-C895D435EF81} - System32\Tasks\{DB28AAC4-58A4-471C-A8CC-0A8B9CBFF8E6} => C:\Users\Owner\Desktop\DD\Games\ASTRO\ASTRO.EXE [1983-11-11] ()
    Task: {8A7A4359-A2B1-44AC-879C-D14DD8B5F309} - System32\Tasks\{FB2047DD-47C4-41E8-988F-991725D1BB0D} => C:\Users\Owner\Desktop\DD\Games\Crazy 8s\CRAZY8S.EXE [1994-11-08] ()
    Task: {A149C588-D529-48EB-BAE0-95CA7AC5FE1C} - System32\Tasks\{304152A7-70D0-4E91-9F4E-DBD1652C7AAC} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22] ()
    Task: {D8060F20-2AF7-4010-8722-E73039BEA018} - System32\Tasks\{7771A4AC-76DB-4824-A025-706FC8FBFA13} => C:\Users\Owner\Desktop\DD\Games\ASTRO\ASTRO.EXE [1983-11-11] ()
    Task: {DD41E5FD-9E41-43A6-B4FA-841379586EEF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {E1138DDE-FC63-4D5A-A0C5-C13AD4F5AEE0} - System32\Tasks\{11C6843C-087E-401F-A969-AB4FE5F21D3B} => C:\Users\Owner\Desktop\DD\Games\Crazy 8s\CRAZY8S.EXE [1994-11-08] ()
    Task: {EB1BC358-EB13-4BA5-93F8-1390C2F2B874} - System32\Tasks\{3831C2E7-DCFA-4E96-9F06-C7CC94D6C4C4} => C:\Users\Owner\Desktop\DD\Games\Crazy 8s\CRAZY8S.EXE [1994-11-08] ()
    Task: {FC313E55-25B0-4845-87C6-66F271AE8EC7} - System32\Tasks\{BD4C9F3C-DAAC-4CFE-8FC8-BE1EA0D54E71} => C:\Users\Owner\Desktop\DD\Games\Crazy 8s\CRAZY8S.EXE [1994-11-08] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1001movie.com -> 1001movie.com

    There are 6091 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-07-05 10:08 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0E227B60-E7FB-4017-9EC7-A62A5EFA8967}] => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    FirewallRules: [{C86A2602-2440-441D-972C-BEC7E06FC3E4}] => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    FirewallRules: [{217F7D9C-49CD-4ED9-9050-3C2E4E9D8CC2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3994F65F-7D58-4F72-86D1-2E5CD9A2AD1F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{D2F24F04-D188-44AF-8CAB-1440B2782E38}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{1A10243C-DC57-4AFE-AD3D-54A683104F27}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{D920EAFE-1F31-4BB5-BC15-E747556F30C0}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D0FFCD08-CDC4-41E1-B87C-BCCEA99F34B6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    27-08-2016 13:28:54 Windows Update
    30-08-2016 13:59:27 Windows Update
    02-09-2016 20:04:39 Windows Update
    06-09-2016 14:43:52 Windows Update
    09-09-2016 14:58:17 Windows Update
    12-09-2016 16:32:12 Windows Update
    14-09-2016 05:54:42 Windows Update
    17-09-2016 14:10:01 Windows Update
    20-09-2016 16:17:51 Windows Update
    21-09-2016 10:49:08 Windows Update
    24-09-2016 14:50:48 Windows Update
    27-09-2016 16:30:55 Windows Update
    28-09-2016 09:11:20 Windows Update
    01-10-2016 16:37:11 Windows Update
    05-10-2016 15:36:07 Windows Update
    08-10-2016 16:30:45 Windows Update
    12-10-2016 06:02:11 Windows Update
    12-10-2016 06:25:25 Windows Update
    15-10-2016 14:23:20 Windows Update
    18-10-2016 15:46:29 Windows Update
    22-10-2016 16:34:43 Windows Update
    26-10-2016 14:53:45 Windows Update
    29-10-2016 16:21:30 Windows Update
    02-11-2016 10:12:25 Windows Update
    05-11-2016 11:33:25 Windows Update
    08-11-2016 14:44:58 Windows Update
    09-11-2016 08:11:12 Windows Update
    12-11-2016 15:27:40 Windows Update
    15-11-2016 15:56:44 Windows Update
    19-11-2016 14:39:01 Windows Update
    22-11-2016 16:46:54 Windows Update
    26-11-2016 16:52:37 Windows Update
    29-11-2016 17:27:50 Windows Update
    30-11-2016 12:21:44 Windows Update
    03-12-2016 15:17:14 Windows Update
    06-12-2016 16:41:13 Windows Update
    09-12-2016 18:07:22 Windows Update
    13-12-2016 13:53:14 Windows Update
    14-12-2016 12:13:23 Windows Update
    17-12-2016 16:18:36 Windows Update
    21-12-2016 17:35:22 Windows Update
    25-12-2016 16:19:38 Windows Update
    28-12-2016 17:20:00 Windows Update
    01-01-2017 16:11:36 Windows Update
    05-01-2017 15:10:42 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/08/2017 10:05:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/07/2017 10:51:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/06/2017 09:11:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/05/2017 08:53:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/04/2017 02:58:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 50.1.0.6186, time stamp: 0x584a057c
    Faulting module name: mozglue.dll, version: 50.1.0.6186, time stamp: 0x5849ff8b
    Exception code: 0x80000003
    Fault offset: 0x0000ec79
    Faulting process id: 0xea0
    Faulting application start time: 0x01d266c4c081313f
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    Report Id: 353a13a4-d2b8-11e6-8be4-001cc430abbd

    Error: (01/04/2017 08:52:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/03/2017 03:00:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/03/2017 09:38:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/02/2017 08:49:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/01/2017 07:11:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (01/08/2017 10:05:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    PxHlpa64

    Error: (01/07/2017 03:03:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.72.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: Owner-PC\Owner

    Current Engine Version:

    Previous Engine Version: 2.1.12706.0

    Error code: 0x800704e8

    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Error: (01/07/2017 03:02:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.72.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: Owner-PC\Owner

    Current Engine Version:

    Previous Engine Version: 2.1.12706.0

    Error code: 0x800704e8

    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Error: (01/07/2017 03:02:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.233.4175.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: Owner-PC\Owner

    Current Engine Version:

    Previous Engine Version: 1.1.13303.0

    Error code: 0x800704e8

    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Error: (01/07/2017 03:02:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.233.4175.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: Owner-PC\Owner

    Current Engine Version:

    Previous Engine Version: 1.1.13303.0

    Error code: 0x800704e8

    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Error: (01/07/2017 10:50:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    PxHlpa64

    Error: (01/06/2017 09:11:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    PxHlpa64

    Error: (01/05/2017 03:12:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.72.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: Owner-PC\Owner

    Current Engine Version:

    Previous Engine Version: 2.1.12706.0

    Error code: 0x800704e8

    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

    Error: (01/05/2017 08:52:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    PxHlpa64

    Error: (01/04/2017 03:38:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.72.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: Owner-PC\Owner

    Current Engine Version:

    Previous Engine Version: 2.1.12706.0

    Error code: 0x800704e8

    Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.


    CodeIntegrity:
    ===================================
    Date: 2016-11-16 17:03:57.611
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 17:03:57.361
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 17:03:57.127
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 17:03:52.166
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 17:03:51.917
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 17:03:51.667
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 17:03:49.608
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 17:03:49.358
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 17:03:49.109
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-16 16:58:47.794
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.16385_none_5722666f137ae177\appid.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    Percentage of memory in use: 46%
    Total physical RAM: 3063.31 MB
    Available physical RAM: 1638.64 MB
    Total Virtual: 6124.8 MB
    Available Virtual: 4676.18 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:929.56 GB) (Free:737.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.75 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CF2E5F36)
    Partition 1: (Active) - (Size=929.6 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     

  3. capnkrunch

    capnkrunch Malware Specialist

    Joined:
    Nov 28, 2015
    Messages:
    411
    Hello debodun and welcome to the Tech Support Guy Forums :)

    My name is capnkrunch and I will be helping you with your malware problems.

    Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
    • The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    • You must have Administrator rights, permissions for this computer.
    • DO NOT run any other fix or removal tools unless instructed to do so.
    • DO NOT install any other software (or hardware) during the cleaning process.
    • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
    • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
      Remember, absence of symptoms does mean the infection is all gone.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

    Note: If you haven't done so already, please read this topic Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.

    For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
    .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

     
  4. capnkrunch

    capnkrunch Malware Specialist

    Joined:
    Nov 28, 2015
    Messages:
    411
    I see that you posted about this issue recently in the General Security forum. Has anything changed since this thread?

    Please refer to the thread Everyone MUST Read This BEFORE Posting for Help in This Forum and follow the instructions there to run TSG Sysinfo then post the resulting report here.

    Please also run the following scans:

    Step one...

    MGA Diagnostic Tool
    • Please download MGA Diagnostic Tool and save it to your Desktop.
    • Right click on MGADiag.exe and select Run as administrator.
    • Click on Continue to run the scan.
    • Once the scan is finished click Copy to copy the results. Paste them in your reply.

    Step one...

    CKScanner
    Please download CKScanner and save it to your Desktop.
    This program should only be run once!
    Make sure that CKScanner.exe is on your desktop before running the application!

    • Right click on the CKScanner.exe icon and select Run as administrator.
    • Click the Search For Files button.
    • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
      A text file will be created on your desktop named "ckfiles.txt"
    • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
    • Please copy/paste the contents of ckfiles.txt in your next reply.

    Please post each log separately to prevent it being cut off by the forum post size limiter.
    Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

    In your next reply please include:
    • Did you have any problems with the instructions?
    • An answer to my question
    • The TSG Sysinfo report
    • The MGA Diagnostic report
    • ckfiles.txt
    • Are there any changes in computer behavior?
     
  5. debodun

    debodun Thread Starter

    Joined:
    Jun 12, 2004
    Messages:
    589
    The workaround I have been using to update MSE is going to the Microsoft website and downloading from there rather than using the update tab from the desktop icon.

    TSG scan:

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz, Intel64 Family 6 Model 15 Stepping 2
    Processor Count: 2
    RAM: 3063 Mb
    Graphics Card: Intel(R) Q965/Q963 Express Chipset Family, 384 Mb
    Hard Drives: C: 929 GB (736 GB Free); D: 1 GB (1 GB Free);
    Motherboard: Hewlett-Packard, 0A60h
    Antivirus: Microsoft Security Essentials, Enabled and Updated
     
    Last edited: Jan 11, 2017
  6. debodun

    debodun Thread Starter

    Joined:
    Jun 12, 2004
    Messages:
    589
    MGA scan


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
    Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
    Windows Product ID: 00426-OEM-8992662-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {C0348408-3774-4567-B371-F9BF82039D0B}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_ldr.161011-0600
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{C0348408-3774-4567-B371-F9BF82039D0B}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3384263181-369055421-3260215636</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq dc5700 Small Form Factor</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786E2 v02.04</Version><SMBIOSVersion major="2" minor="4"/><Date>20070413000000.000000+000</Date></BIOS><HWID>DCA43307018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600006-02-1033-7601.0000-3512011
    Installation ID: 015263951583467692325764356064963335905274358365759902
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: HYRR2
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 1/11/2017 3:25:12 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:14:2016 09:23
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAeqiM8sps7Ngu98bt2p3a2QxWSMn8qiqF

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC COMPAQ BROADH2O
    FACP COMPAQ BROADH2O
    HPET COMPAQ BROADH2O
    MCFG COMPAQ BROADH2O
    ASF! COMPAQ BROADH2O
    TCPA COMPAQ BROADH2O
    SLIC _ASUS_ Notebook
     
  7. debodun

    debodun Thread Starter

    Joined:
    Jun 12, 2004
    Messages:
    589
    CK scan:

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.BNNARZ
    ----- EOF -----
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    106,227
    The system is using a key from an Acer and it's too old to have come with Windows 7 pre-installed therefore it's not genuine. We do not assist with pirated software.

    I suggest you purchase a genuine retail license of an operating system that can be supported and do a fresh installation.
     
  9. debodun

    debodun Thread Starter

    Joined:
    Jun 12, 2004
    Messages:
    589
    I bought it as a refurb from a computer fix-it shop.
     
Short URL to this thread: https://techguy.org/1183553