WiredWX Hobby Weather ToolsLog in

 


Possible Virus

2 posters

descriptionSolvedPossible Virus

more_horiz
Hi Team,
I am not able to browse through any website through any other bowser except Firefox.Every time I try to browse even google.com.I tried the following browsers IE,Opera,Google Chrome.I try to change Lan Settings to detect automatic proxy but it never gets accepted.Please help me to get this issue resolved.Thank you.
 I shall be posting my Farbar Recovery scan results.

descriptionSolvedRe: Possible Virus

more_horiz
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by mansoor (administrator) on MANSOOR-PC (05-07-2017 18:12:33)
Running from C:\Users\mansoor\Desktop
Loaded Profiles: mansoor (Available Profiles: mansoor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Valid Applications) C:\ProgramData\NgYIbnobV\auHyTi.exe
() C:\ProgramData\Rehupsoirg\1.0.7.1\loolkaah.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
() C:\Users\mansoor\AppData\Local\GeniusBox\Client.exe
() C:\ProgramData\Rehupsoirg\1.0.7.1\loolkaah.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4521272 2015-04-27] (iolo technologies, LLC)
HKU\S-1-5-21-2753709941-258546545-1515937454-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] () <==== ATTENTION
HKU\S-1-5-21-2753709941-258546545-1515937454-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2753709941-258546545-1515937454-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2753709941-258546545-1515937454-1000] => http=127.0.0.1:49504;https=127.0.0.1:49504
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{050FDAA5-18D2-4579-A461-1B7CF70E7F57}: [DhcpNameServer] 209.18.47.61 209.18.47.62
ManualProxies: 1http=127.0.0.1:49471;https=127.0.0.1:49471

Internet Explorer:
==================
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=574&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=574&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2753709941-258546545-1515937454-1000 -> DefaultScope {7B60B2D8-0720-4179-857F-050DF3A210AE} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2753709941-258546545-1515937454-1000 -> {7B60B2D8-0720-4179-857F-050DF3A210AE} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2753709941-258546545-1515937454-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=574&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2753709941-258546545-1515937454-1000 -> {D5B87F4D-BCD2-43E1-BCD5-9C36F06CBB23} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141252,20028,0,31,0
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: ArcadeParlor Games -> {39AD0726-986D-40F9-972B-E3BFA24B7745} -> C:\Users\mansoor\AppData\Local\ArcadeParlor\Arcadeparlor.dll [2014-12-27] ()
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2753709941-258546545-1515937454-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

FireFox:
========
FF DefaultProfile: qtmtrzkw.default
FF ProfilePath: C:\Users\mansoor\AppData\Roaming\Mozilla\Firefox\Profiles\qtmtrzkw.default [2017-07-05]
FF NetworkProxy: Mozilla\Firefox\Profiles\qtmtrzkw.default -> type", 0
FF Extension: (ArcadeParlor) - C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-12-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: (Norton Vulnerability Protection) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-12-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2017-07-04] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-09-11] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\mansoor\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-23] (Cisco WebEx LLC)

Chrome:
=======
CHR Profile: C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default [2017-07-04]
CHR Extension: (Google Docs) - C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-04]
CHR Extension: (Google Drive) - C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-04]
CHR Extension: (YouTube) - C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-04]
CHR Extension: (Gmail) - C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-04]
CHR Extension: (Chrome Media Router) - C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-02-07]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-02-07]

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

descriptionSolvedRe: Possible Virus

more_horiz
==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 auHyTi; C:\ProgramData\NgYIbnobV\auHyTi.exe [2733888 2014-12-27] (Valid Applications)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4676408 2015-04-27] (iolo technologies, LLC)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-09-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-10-04] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVia64.sys [520280 2013-09-23] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\ENG64.SYS [126040 2013-10-04] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\EX64.SYS [2099288 2013-10-04] (Symantec Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-04-27] (EldoS Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-27] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

descriptionSolvedRe: Possible Virus

more_horiz
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-05 18:12 - 2017-07-05 18:13 - 00018875 _____ C:\Users\mansoor\Desktop\FRST.txt
2017-07-05 18:12 - 2017-07-05 18:12 - 00000000 ____D C:\FRST
2017-07-05 18:11 - 2017-07-05 18:11 - 02436608 _____ (Farbar) C:\Users\mansoor\Desktop\FRST64.exe
2017-07-05 18:09 - 2017-07-05 18:09 - 01766912 _____ (Farbar) C:\Users\mansoor\Downloads\FRST_19-04-17.exe
2017-07-04 14:23 - 2017-07-04 14:23 - 00000000 ____D C:\Users\mansoor\AppData\LocalLow\Mozilla
2017-07-04 12:30 - 2017-07-04 14:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-04 02:11 - 2017-07-04 02:11 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1499148685
2017-07-04 02:11 - 2017-07-04 02:11 - 00001095 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2017-07-04 02:11 - 2017-07-04 02:11 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-07-04 02:11 - 2017-07-04 02:11 - 00000000 ____D C:\Users\mansoor\AppData\Roaming\Opera Software
2017-07-04 02:11 - 2017-07-04 02:11 - 00000000 ____D C:\Users\mansoor\AppData\Local\Opera Software
2017-07-04 02:11 - 2017-07-04 02:11 - 00000000 ____D C:\Program Files\Opera
2017-07-04 02:10 - 2017-07-04 02:10 - 01156872 _____ (Opera Software) C:\Users\mansoor\Downloads\OperaSetup.exe
2017-07-04 00:49 - 2017-07-04 00:49 - 00000000 ____D C:\Users\mansoor\Desktop\SAN Bio
2017-07-03 17:58 - 2017-07-04 07:29 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-03 17:58 - 2017-07-04 07:29 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-03 17:57 - 2017-07-03 17:57 - 01130328 _____ (Google Inc.) C:\Users\mansoor\Downloads\ChromeSetup.exe
2017-07-03 17:57 - 2017-07-03 17:57 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-03 17:57 - 2017-07-03 17:57 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-03 17:38 - 2017-07-03 17:38 - 00000000 ____D C:\Users\mansoor\Desktop\PM
2017-07-03 13:54 - 2017-07-05 18:07 - 00000000 ____D C:\Users\mansoor\AppData\Roaming\Skype
2017-07-03 13:54 - 2017-07-03 13:54 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-07-03 13:54 - 2017-07-03 13:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-03 13:54 - 2017-07-03 13:54 - 00000000 ____D C:\ProgramData\Skype
2017-07-03 13:54 - 2017-07-03 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-07-03 13:51 - 2017-07-03 13:51 - 01632216 _____ (Skype Technologies S.A.) C:\Users\mansoor\Desktop\SkypeSetup(1).exe
2017-07-03 09:12 - 2017-05-16 14:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-03 09:12 - 2017-05-16 13:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-03 09:12 - 2017-05-14 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-03 09:12 - 2017-05-14 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-03 09:12 - 2017-05-14 16:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-03 09:12 - 2017-05-14 16:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-03 09:12 - 2017-05-14 16:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-03 09:12 - 2017-05-14 16:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-03 09:12 - 2017-05-14 16:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-03 09:12 - 2017-05-14 16:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-03 09:12 - 2017-05-14 16:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-03 09:12 - 2017-05-14 16:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-03 09:12 - 2017-05-14 16:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-03 09:12 - 2017-05-14 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-03 09:12 - 2017-05-14 16:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-03 09:12 - 2017-05-14 16:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-03 09:12 - 2017-05-14 16:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-03 09:12 - 2017-05-14 16:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-03 09:12 - 2017-05-14 16:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-03 09:12 - 2017-05-14 15:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-03 09:12 - 2017-05-14 15:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-03 09:12 - 2017-05-14 15:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-03 09:12 - 2017-05-14 15:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-03 09:12 - 2017-05-14 15:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-03 09:12 - 2017-05-14 15:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-03 09:12 - 2017-05-14 15:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-03 09:12 - 2017-05-14 15:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-03 09:12 - 2017-05-14 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-03 09:12 - 2017-05-14 15:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-03 09:12 - 2017-05-14 15:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-03 09:12 - 2017-05-14 15:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-03 09:12 - 2017-05-14 15:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-03 09:12 - 2017-05-14 15:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-03 09:12 - 2017-05-14 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-03 09:12 - 2017-05-14 15:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-03 09:12 - 2017-05-14 15:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-03 09:12 - 2017-05-14 15:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-03 09:12 - 2017-05-14 15:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-03 09:12 - 2017-05-14 15:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-03 09:12 - 2017-05-14 15:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-03 09:12 - 2017-05-14 15:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-03 09:12 - 2017-05-14 15:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-03 09:12 - 2017-05-14 15:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-03 09:12 - 2017-05-14 15:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-03 09:12 - 2017-05-14 15:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-03 09:12 - 2017-05-14 15:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-03 09:12 - 2017-05-14 15:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-03 09:12 - 2017-05-14 14:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-03 09:12 - 2017-05-14 14:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-03 09:12 - 2017-05-14 14:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-03 09:12 - 2017-05-14 14:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-03 09:12 - 2017-05-14 14:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-03 09:12 - 2017-05-14 14:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-03 09:12 - 2017-05-14 14:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-03 09:12 - 2017-05-14 14:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-03 09:12 - 2017-05-14 14:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-03 09:12 - 2017-05-14 14:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-03 09:12 - 2017-05-14 14:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-03 09:12 - 2017-05-14 14:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-03 09:12 - 2017-05-14 14:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-03 09:12 - 2017-05-14 14:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-03 09:12 - 2017-05-14 14:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-03 09:12 - 2017-05-14 14:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-03 09:12 - 2017-05-14 14:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-03 09:12 - 2017-05-14 14:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-03 09:12 - 2017-05-14 14:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-03 09:12 - 2017-05-14 14:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-03 09:12 - 2017-05-12 14:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-03 09:12 - 2017-05-12 14:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-07-03 09:12 - 2017-05-12 13:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-03 09:12 - 2017-05-12 12:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-07-03 09:12 - 2017-05-12 11:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-07-03 09:12 - 2017-05-12 11:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-07-03 09:12 - 2017-05-10 11:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-07-03 09:12 - 2017-05-10 11:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-03 09:12 - 2017-05-10 11:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-03 09:12 - 2017-05-10 11:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-03 09:12 - 2017-05-10 11:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-03 09:12 - 2017-05-10 11:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-03 09:12 - 2017-05-10 11:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-03 09:12 - 2017-05-10 11:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-03 09:12 - 2017-05-10 11:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-07-03 09:12 - 2017-05-10 11:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-07-03 09:12 - 2017-05-10 11:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-07-03 09:12 - 2017-05-10 11:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-07-03 09:12 - 2017-05-10 11:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-07-03 09:12 - 2017-04-27 18:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-07-03 09:12 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-07-03 09:12 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-07-03 09:12 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-07-03 09:12 - 2017-04-12 09:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-07-03 09:12 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-03 09:12 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-07-03 09:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-07-03 09:12 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-03 09:12 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-03 09:11 - 2017-06-02 04:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-03 09:11 - 2017-06-02 04:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-03 09:11 - 2017-06-02 04:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-03 09:11 - 2017-06-02 04:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-07-03 09:11 - 2017-06-02 04:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-03 09:11 - 2017-06-02 04:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-03 09:11 - 2017-06-02 04:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-03 09:11 - 2017-06-02 04:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-03 09:11 - 2017-06-02 04:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-03 09:11 - 2017-06-02 04:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-03 09:11 - 2017-06-02 04:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-03 09:11 - 2017-06-02 04:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-03 09:11 - 2017-06-02 04:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-03 09:11 - 2017-06-02 03:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-03 09:11 - 2017-06-02 03:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-03 09:11 - 2017-06-02 03:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-03 09:11 - 2017-06-02 03:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-03 09:11 - 2017-05-21 00:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-03 09:11 - 2017-05-21 00:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-03 09:11 - 2017-05-21 00:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-03 09:11 - 2017-05-21 00:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-03 09:11 - 2017-05-21 00:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-03 09:11 - 2017-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-03 09:11 - 2017-05-20 23:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-03 09:11 - 2017-05-20 23:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-03 09:11 - 2017-05-20 23:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-03 09:11 - 2017-05-20 23:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-03 09:11 - 2017-05-20 23:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-03 09:11 - 2017-05-20 23:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-03 09:11 - 2017-05-14 15:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-03 09:11 - 2017-05-12 14:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-03 09:11 - 2017-05-12 14:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-03 09:11 - 2017-05-12 14:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-07-03 09:11 - 2017-05-12 14:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-07-03 09:11 - 2017-05-12 14:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-07-03 09:11 - 2017-05-12 14:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 13:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-07-03 09:11 - 2017-05-12 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-07-03 09:11 - 2017-05-12 13:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-07-03 09:11 - 2017-05-12 13:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-07-03 09:11 - 2017-05-12 13:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-07-03 09:11 - 2017-05-12 13:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-07-03 09:11 - 2017-05-12 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-07-03 09:11 - 2017-05-12 13:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-07-03 09:11 - 2017-05-12 13:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-07-03 09:11 - 2017-05-12 13:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-07-03 09:11 - 2017-05-12 13:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-07-03 09:11 - 2017-05-12 13:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 13:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 13:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-07-03 09:11 - 2017-05-12 13:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-07-03 09:11 - 2017-05-10 11:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-07-03 09:11 - 2017-05-10 11:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-03 09:11 - 2017-05-10 11:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-07-03 09:11 - 2017-05-10 11:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-07-03 09:11 - 2017-05-10 11:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-07-03 09:11 - 2017-05-10 11:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-07-03 09:11 - 2017-05-10 11:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-07-03 09:11 - 2017-05-10 11:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-07-03 09:11 - 2017-05-10 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-03 09:11 - 2017-05-10 10:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-07-03 09:11 - 2017-05-09 11:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-07-03 09:11 - 2017-05-09 11:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-07-03 09:11 - 2017-05-09 11:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-07-03 09:11 - 2017-05-07 11:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-07-03 09:11 - 2017-05-07 11:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-07-03 09:11 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-07-03 09:11 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-07-03 09:11 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-07-03 09:11 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-07-03 09:11 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-07-03 09:11 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-07-03 09:11 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-07-03 09:11 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-07-03 09:11 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-07-03 09:11 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-07-03 09:11 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-07-03 09:11 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-07-03 09:11 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-07-03 09:11 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-07-03 09:11 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-07-03 09:11 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-07-03 09:11 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-03 09:11 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-03 09:11 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-03 09:11 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-03 09:11 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-03 09:11 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-03 09:11 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-03 09:11 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-03 09:11 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-07-03 09:11 - 2017-03-30 11:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-07-03 09:11 - 2017-03-30 10:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-07-03 09:11 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-07-03 09:11 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-07-03 09:11 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-07-03 09:11 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-07-03 09:11 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-07-03 09:11 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-07-03 09:11 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-07-03 09:11 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-03 09:11 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-03 09:11 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-07-03 09:11 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-07-03 09:11 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-07-03 09:11 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-07-03 09:11 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-07-03 09:11 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-07-03 09:11 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-07-03 09:11 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-07-03 09:11 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-07-03 09:11 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-07-03 09:11 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-07-03 09:11 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-07-03 09:11 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-07-03 09:11 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-07-03 09:11 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-03 09:11 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-07-03 09:11 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-03 09:11 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-07-03 09:11 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-07-03 09:11 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-05 17:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2017-07-05 17:47 - 2009-07-14 00:45 - 00020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-05 17:47 - 2009-07-14 00:45 - 00020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-05 16:48 - 2015-05-23 06:54 - 00003446 _____ C:\Windows\System32\Tasks\Rehupsoirg
2017-07-05 16:38 - 2014-12-27 18:19 - 00000280 _____ C:\Windows\Tasks\ArcadeParlor.job
2017-07-04 14:23 - 2015-01-01 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-04 08:48 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-04 08:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-07-04 08:42 - 2014-12-27 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-07-04 08:42 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-04 03:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-07-04 03:20 - 2009-07-14 00:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-04 03:19 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-07-04 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-07-04 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-07-04 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-04 02:55 - 2015-02-21 14:07 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-07-04 00:49 - 2015-02-23 21:47 - 00000000 ____D C:\Users\mansoor\AppData\LocalLow\Temp
2017-07-03 17:58 - 2015-01-01 15:16 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-03 08:52 - 2015-05-23 12:13 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-03 08:52 - 2015-05-23 12:13 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-03 08:52 - 2015-05-23 12:13 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-03 08:52 - 2015-05-23 12:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-03 08:52 - 2015-05-23 12:13 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2014-12-27 18:19 - 2014-12-27 18:19 - 0000064 _____ () C:\Users\mansoor\AppData\Local\076cf75d74629217cb24028a2f99be8b

Files to move or delete:
====================
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-04 03:50

descriptionSolvedRe: Possible Virus

more_horiz
==================== End of FRST.txt ============================

Addition.txt
--------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by mansoor (05-07-2017 18:13:43)
Running from C:\Users\mansoor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-12-27 18:26:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2753709941-258546545-1515937454-500 - Administrator - Disabled)
Guest (S-1-5-21-2753709941-258546545-1515937454-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2753709941-258546545-1515937454-1002 - Limited - Enabled)
mansoor (S-1-5-21-2753709941-258546545-1515937454-1000 - Administrator - Enabled) => C:\Users\mansoor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
ArcadeParlor (HKU\S-1-5-21-2753709941-258546545-1515937454-1000\...\{B74443DB-5A88-4583-860A-F0D06EF399E3}) (Version:  - ArcadeParlor)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2753709941-258546545-1515937454-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
FinanceAlert (HKLM-x32\...\FinanceAlert) (Version: 3.0.23 - Valid Applications)
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.5.2 - iolo technologies, LLC)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Network Recording Player (HKLM-x32\...\{14815F35-02EB-42EB-B841-928BCA2DD047}) (Version: 29.13.40.10011 - Cisco WebEx LLC)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Opera Stable 46.0.2597.32 (HKLM-x32\...\Opera 46.0.2597.32) (Version: 46.0.2597.32 - Opera Software)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
WebEx Recorder and Player (HKLM-x32\...\{7A3B8117-FFCC-4C36-A2C7-DC44FADC127F}) (Version: 3.23.2516 - Cisco WebEx LLC)
Windows Driver Package - Intel (NETwLv64) net  (10/07/2010 13.4.0.139) (HKLM\...\EA1C8ECD4E416637C38F0079F98C8C7B0A112265) (Version: 10/07/2010 13.4.0.139 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (03/12/2012 15.1.1.1) (HKLM\...\738EE4A2348F1D264E42F18DCB309A694B162AE3) (Version: 03/12/2012 15.1.1.1 - Intel)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers01: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Windows\system32\Incinerator64.dll [2015-04-27] (iolo technologies, LLC)
ContextMenuHandlers01: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers02: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)
ContextMenuHandlers04: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Windows\system32\Incinerator64.dll [2015-04-27] (iolo technologies, LLC)
ContextMenuHandlers06: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\NavShExt.dll [2014-09-21] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0912532F-C2DA-4D84-B965-6A21480714D5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {28E23B22-B750-4F98-9F4B-D4AFE45E39EE} - System32\Tasks\iolo DelOnReboot => cmd.exe /c IF EXIST C:\ProgramData\iolo\ops\smrr.dll del /f C:\ProgramData\iolo\ops\smrr.dll
Task: {481AA702-368A-4A18-B99A-2BE34CCF3CAF} - System32\Tasks\Check Updates => C:\Users\mansoor\AppData\Local\GeniusBox\updater.exe [2014-12-23] ()
Task: {4E8A02C3-DD82-4F6A-A3C7-5F26286FE0C4} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\mansoor\AppData\Local\GeniusBox\client.exe" <==== ATTENTION
Task: {50082494-CB27-4DC4-89CC-AAFBA08DF336} - System32\Tasks\{D673B70E-9AE4-4D8E-B45E-B0E9BBBADE95} => Iexplore.exe hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.33.0.104&LastError=12002
Task: {5DD1407E-D619-4E2C-9A0E-2E4088FD8AA1} - System32\Tasks\Rehupsoirg => C:\ProgramData\Rehupsoirg\1.0.7.1\loolkaah.exe [2016-07-20] ()
Task: {648F7F19-E367-4008-86F8-F5239090A269} - System32\Tasks\{785AA402-15EC-457B-8F17-5823D2C7181C} => Iexplore.exe hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.33.0.104&LastError=12002
Task: {7EAEB1BC-063E-4754-9F84-BDDBEFDC1AD8} - System32\Tasks\{FA6FFDA1-8D46-4B87-A22F-35F7E6A663A1} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.23.0.105&LastError=404 <==== ATTENTION
Task: {88F99125-B7DA-4ED7-8915-9333546E75E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-03] (Google Inc.)
Task: {8C256C93-644C-4586-8093-EB176378EF45} - System32\Tasks\Opera scheduled Autoupdate 1499148685 => C:\Program Files\Opera\launcher.exe [2017-06-27] (Opera Software)
Task: {9A2FAADE-A9AC-4682-8B56-B57E0AE7EBF0} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9F6E2561-8EAF-4B5C-9951-D1DE1077A0ED} - System32\Tasks\{818A2881-B7DB-4F16-BD73-DF53F22ED94A} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.23.0.105&LastError=404 <==== ATTENTION
Task: {B2CCD3C2-027A-40C0-9541-4B735F85B16E} - System32\Tasks\Validate Installation => C:\Users\mansoor\AppData\Local\GeniusBox\updater.exe [2014-12-23] ()
Task: {B617CD94-F9B1-4DBB-BDF2-9B7D62C528D6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {C20735E3-8A14-40A0-B6AA-BE5CB27EDB2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-03] (Adobe Systems Incorporated)
Task: {CE4184D9-9F0D-4391-B74E-F73C3A8F880F} - System32\Tasks\ArcadeParlor => C:\Users\mansoor\AppData\Local\ArcadeParlor\versioncheck.exe [2014-12-27] ()
Task: {D8A6A673-7207-47D7-BE2D-A7503A1C6FAB} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-04-27] (iolo technologies, LLC)
Task: {F73D87C7-A6C1-4D71-A522-49EDAC9ADCB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ArcadeParlor.job => C:\Users\mansoor\AppData\Local\ArcadeParlor\versioncheck.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2009-09-21 17:04 - 2009-09-21 17:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-03-04 09:11 - 2013-06-28 11:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-07-20 08:46 - 2016-07-20 08:46 - 00155136 _____ () C:\ProgramData\Rehupsoirg\1.0.7.1\loolkaah.exe
2014-12-22 11:12 - 2014-12-23 10:31 - 00872672 _____ () C:\Users\mansoor\AppData\Local\GeniusBox\Client.exe
2014-12-27 18:13 - 2013-07-03 16:39 - 07342080 _____ () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
2017-05-31 11:41 - 2017-05-31 11:41 - 01982976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5017B8E5-55F3-4820-A17E-24CC68CF30A7}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{EA64AB45-9310-4EC4-9362-5AF97B76A704}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [TCP Query User{3E783F70-A084-4836-8FBA-68D7951DF37B}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{6EF43AE3-F980-49A5-BB8C-2E4D6FF2CB31}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [{43661F39-4085-4D07-9BEF-486FA2CEAB06}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{948D7E6E-04C4-4D51-A0CD-BB14B771E68D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CB27AC7-1680-4D13-9627-39209F6DB65B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42B326AE-4201-4DFA-B309-B0B5C4998D84}] => (Allow) C:\Program Files\Opera\46.0.2597.32\opera.exe
FirewallRules: [{A1E72C22-B251-4F8B-901A-C92B7F6800E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2017 04:19:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/05/2017 10:19:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/05/2017 04:19:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/04/2017 10:19:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/04/2017 04:19:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/04/2017 10:21:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/04/2017 09:33:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.2.6148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9b8

Start Time: 01d2f4c9fa75c87e

Termination Time: 20

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 6626b176-60bd-11e7-9816-84a6c8b1e2a6

Error: (07/04/2017 08:45:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/04/2017 08:42:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/04/2017 06:56:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3


System errors:
=============
Error: (07/05/2017 05:49:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 05:49:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 05:49:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 05:49:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 05:49:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 05:49:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 05:49:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 03:44:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 03:44:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/05/2017 03:44:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
Percentage of memory in use: 50%
Total physical RAM: 8053.85 MB
Available physical RAM: 3970.41 MB
Total Virtual: 16105.89 MB
Available Virtual: 11602.62 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:860.69 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:19.81 GB) (Free:7.6 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 12A81DA3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

descriptionSolvedRe: Possible Virus

more_horiz
I have posted the log files.Please let me know the next steps.

Thank you.

descriptionSolvedRe: Possible Virus

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer. 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
While I look over your logs please run this scan and post the log.

Please download MiniToolBox to Desktop and run it.

Possible Virus MiniToolBox

Checkmark the following boxes:


  • Flush DNS

  • Report IE Proxy Settings

  • Reset IE Proxy Settings

  • List content of Hosts

  • List IP Configuration

  • Lst Last 10 Event Viewer Errors

  • List Users, Partitions and Memory Size


Click Go and copy/paste the log (Result.txt) into your next post.

descriptionSolvedRe: Possible Virus

more_horiz
The log shows that Norton Internet Security is disabled and out-of-date. Please download and install one of these free AV's. I suggest MSE.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials   All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

descriptionSolvedRe: Possible Virus

more_horiz
Hi SuperDave,
Thank you for helping me out.

Please find the Result after I ran Minitool as per your instructions.Please let me know if I should go ahead and install anti Virus or should I wait until the system is corrected.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by mansoor (administrator) on 07-07-2017 at 19:37:34
Running from "C:\Users\mansoor\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Inspiron 5520 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:49504;https=127.0.0.1:49504

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel(R) Centrino(R) Wireless-N 2230 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1020 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : mansoor-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 2230
   Physical Address. . . . . . . . . : 84-A6-C8-B1-E2-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2605:6001:e5c3:1800:49f6:ecd4:4690:bf00(Preferred)
   Temporary IPv6 Address. . . . . . : 2605:6001:e5c3:1800:6145:71d2:62c0:2268(Preferred)
   Link-local IPv6 Address . . . . . : fe80::49f6:ecd4:4690:bf00%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, July 04, 2017 8:42:54 AM
   Lease Expires . . . . . . . . . . : Friday, July 07, 2017 8:33:22 PM
   Default Gateway . . . . . . . . . : fe80::4270:9ff:fe42:66f7%13
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 293906120
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-30-D4-37-84-A6-C8-B1-E2-A2
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 84-A6-C8-B1-E2-A6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{050FDAA5-18D2-4579-A461-1B7CF70E7F57}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28a5:1d25:b749:e4d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::28a5:1d25:b749:e4d%14(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4000:802::200e
      172.217.12.78


Pinging google.com [2607:f8b0:4000:816::200e] with 32 bytes of data:
Reply from 2607:f8b0:4000:816::200e: time=18ms
Reply from 2607:f8b0:4000:816::200e: time=17ms

Ping statistics for 2607:f8b0:4000:816::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 18ms, Average = 17ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      98.139.180.149
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=56ms
Reply from 2001:4998:58:c02::a9: time=55ms

Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 55ms, Maximum = 56ms, Average = 55ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...84 a6 c8 b1 e2 a2 ......Intel(R) Centrino(R) Wireless-N 2230
 12...84 a6 c8 b1 e2 a6 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.0.10  255.255.255.255         On-link      192.168.0.10    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.10    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.10    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.10    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::4270:9ff:fe42:66f7
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:4137:9e76:28a5:1d25:b749:e4d/128
                                    On-link
 13     33 2605:6001:e5c3:1800::/64 On-link
 13    281 2605:6001:e5c3:1800:49f6:ecd4:4690:bf00/128
                                    On-link
 13    281 2605:6001:e5c3:1800:6145:71d2:62c0:2268/128
                                    On-link
 13    281 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::28a5:1d25:b749:e4d/128
                                    On-link
 13    281 fe80::49f6:ecd4:4690:bf00/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/07/2017 04:19:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/07/2017 10:19:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/07/2017 04:19:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/06/2017 10:19:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/06/2017 04:19:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/06/2017 10:19:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/06/2017 04:19:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/05/2017 10:19:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/05/2017 04:19:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3

Error: (07/05/2017 10:19:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: tasks.exe, version: 1.0.0.0, time stamp: 0x54997c8f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434f4d
Fault offset: 0x0000c54f
Faulting process id: 0x%9
Faulting application start time: 0xtasks.exe0
Faulting application path: tasks.exe1
Faulting module path: tasks.exe2
Report Id: tasks.exe3


System errors:
=============
Error: (07/07/2017 06:13:17 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 06:13:17 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 06:13:17 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 06:13:17 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 04:06:02 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 04:06:02 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 04:06:02 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 04:06:02 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 04:06:02 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/07/2017 04:06:02 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (07/07/2017 04:19:24 PM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/07/2017 10:19:23 AM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/07/2017 04:19:27 AM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/06/2017 10:19:23 PM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/06/2017 04:19:24 PM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/06/2017 10:19:23 AM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/06/2017 04:19:23 AM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/05/2017 10:19:24 PM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/05/2017 04:19:23 PM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f

Error: (07/05/2017 10:19:23 AM) (Source: Application Error)(User: )
Description: tasks.exe1.0.0.054997c8fKERNELBASE.dll6.1.7601.238075915f98ee0434f4d0000c54f


========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 8053.85 MB
Available physical RAM: 2844.94 MB
Total Virtual: 16105.89 MB
Available Virtual: 10118.88 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:860.59 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:19.81 GB) (Free:7.6 GB) NTFS

========================= Users: ========================================

User accounts for \\MANSOOR-PC

Administrator            Guest                    mansoor                 


**** End of log ****

descriptionSolvedRe: Possible Virus

more_horiz
Please let me know if I should go ahead and install anti Virus or should I wait until the system is corrected.

You should install one ASAP.

What error messages are you receiving when you try other browsers? The log show that all browsers are functioning.

descriptionSolvedRe: Possible Virus

more_horiz
This is the screen I get

Possible Virus AwAAAAAQI38DAAAAABA7f8BGLbebENMQiAAAAAASUVORK5CYII=

descriptionSolvedRe: Possible Virus

more_horiz
Let's run some more scans on that computer to make sure it is clean then we'll go from there.

Please download AdwareCleaner onto your Desktop. AdwCleaner

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

Possible Virus AdwCleaner-icon

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program will open, click on the Scan button as shown below.

Possible Virus Untitled

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

Possible Virus 3

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Possible Virus Mbamicontw5 Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.


  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in you next reply (CTRL+ V)

*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
**********************************************************
Download Security Check by screen317 from the following link and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

descriptionSolvedRe: Possible Virus

more_horiz
Hi SuperDave,
Please find the logs you had asked me in the previous reply.

# AdwCleaner v6.047 - Logfile created 08/07/2017 at 10:03:48
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-07.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : mansoor - MANSOOR-PC
# Running from : C:\Users\mansoor\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: YahooAUService


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Rehupsoirg
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Rehupsoirg
[-] Folder deleted: C:\Users\mansoor\AppData\Local\ArcadeParlor
[-] Folder deleted: C:\Users\mansoor\AppData\Local\FinanceAlert
[-] Folder deleted: C:\Users\mansoor\AppData\Local\GeniusBox
[-] Folder deleted: C:\Users\mansoor\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\Users\mansoor\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\mansoor\AppData\Roaming\KeepMySettingsX
[-] Folder deleted: C:\Users\mansoor\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\Users\mansoor\AppData\Roaming\Itibiti
[-] Folder deleted: C:\Users\mansoor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[-] Folder deleted: C:\FinanceAlert
[-] Folder deleted: C:\ProgramData\FinanceAlert
[-] Folder deleted: C:\ProgramData\NetEngine
[-] Folder deleted: C:\ProgramData\Yahoo! Companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\FinanceAlert
[#] Folder deleted on reboot: C:\ProgramData\Application Data\NetEngine
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[-] Folder deleted: C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder deleted: C:\Program Files (x86)\user extensions
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser
[-] Folder deleted: C:\Users\mansoor\APPDATA\LOCALLOW\DATAMNGR


***** [ Files ] *****

[-] File deleted: C:\Users\mansoor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
[#] File deleted: C:\Users\mansoor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[-] File deleted: C:\END
[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Rehupsoirg
[-] Task deleted: ArcadeParlor
[-] Task deleted: Check Updates
[-] Task deleted: GeniusBox
[-] Task deleted: Validate Installation
[-] Task deleted: validate installation
[-] Task deleted: geniusbox
[-] Task deleted: arcadeparlor
[-] Task deleted: check updates


***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\yahooauservice
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper.2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Browser
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Linkey
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Search Extensions
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B74443DB-5A88-4583-860A-F0D06EF399E3}
[#] Key deleted on reboot: HKCU\Software\Browser
[#] Key deleted on reboot: HKCU\Software\Linkey
[#] Key deleted on reboot: HKCU\Software\Search Extensions
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
[-] Key deleted: HKLM\SOFTWARE\GeniusBox
[-] Key deleted: HKLM\SOFTWARE\SmdmF
[-] Key deleted: HKLM\SOFTWARE\SpeedBrowser
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B74443DB-5A88-4583-860A-F0D06EF399E3}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FinanceAlert
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeniusBox
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Itibiti_is1
[#] Key deleted on reboot: [x64] HKCU\Software\Browser
[#] Key deleted on reboot: [x64] HKCU\Software\Linkey
[#] Key deleted on reboot: [x64] HKCU\Software\Search Extensions
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B74443DB-5A88-4583-860A-F0D06EF399E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\b4.playsushi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webex-player.en.softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\b4.playsushi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webex-player.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Value deleted: HKU\S-1-5-21-2753709941-258546545-1515937454-1000\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE


***** [ Web browsers ] *****

[-] [C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mansoor\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [22378 Bytes] - [08/07/2017 10:03:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [20885 Bytes] - [08/07/2017 09:58:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [22526 Bytes] ##########

descriptionSolvedRe: Possible Virus

more_horiz
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/8/2017
Scan Time: 1:28 PM
Logfile: MBAM Scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.07.08.05
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mansoor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 264956
Time Elapsed: 10 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.FinanceAlert, C:\ProgramData\NgYIbnobV\auHyTi.exe, 2256, Delete-on-Reboot, [369f045f2782d75f5592c39dc23f5fa1]
Adware.PullUpdate, C:\ProgramData\Rehupsoirg\1.0.7.1\loolkaah.exe, 5236, Delete-on-Reboot, [676e194a4168c175dd8a4816837e10f0]
Adware.PullUpdate, C:\ProgramData\Rehupsoirg\1.0.7.1\loolkaah.exe, 4576, Delete-on-Reboot, [676e194a4168c175dd8a4816837e10f0]

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.FinanceAlert, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\auHyTi, Quarantined, [369f045f2782d75f5592c39dc23f5fa1],
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [94414023624742f4f59bbe8ad13129d7],
PUP.Optional.ArcadeParlor, HKU\S-1-5-21-2753709941-258546545-1515937454-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [c90c144fa207f93dba9eba8921e13cc4],
PUP.Optional.ArcadeParlor, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [c90c144fa207f93dba9eba8921e13cc4],
PUP.Optional.ArcadeParlor, HKU\S-1-5-21-2753709941-258546545-1515937454-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [c90c144fa207f93dba9eba8921e13cc4],
PUP.Optional.W3i, HKU\S-1-5-21-2753709941-258546545-1515937454-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D5B87F4D-BCD2-43E1-BCD5-9C36F06CBB23}, Quarantined, [fcd9fb68c3e6f244b83496e58c7456aa],

Registry Values: 1
PUP.Optional.W3i, HKU\S-1-5-21-2753709941-258546545-1515937454-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D5B87F4D-BCD2-43E1-BCD5-9C36F06CBB23}|URL, https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141252,20028,0,31,0, Quarantined, [fcd9fb68c3e6f244b83496e58c7456aa]

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.FinanceAlert, C:\Users\mansoor\AppData\Local\FinanceAlert, Quarantined, [6e672b38d2d7d561e65a3db189797888],
PUP.Optional.PullUpdate, C:\ProgramData\Radio, Quarantined, [e7eece951792af872a079c5fbb4719e7],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.PullUpdate, C:\ProgramData\NgYIbnobV\dat, Delete-on-Reboot, [478e66fd2485ba7cb1ce30381ee5fa06],
PUP.Optional.PullUpdate, C:\ProgramData\NgYIbnobV, Delete-on-Reboot, [478e66fd2485ba7cb1ce30381ee5fa06],

Files: 24
PUP.Optional.FinanceAlert, C:\ProgramData\NgYIbnobV\auHyTi.exe, Delete-on-Reboot, [369f045f2782d75f5592c39dc23f5fa1],
Adware.PullUpdate, C:\ProgramData\Rehupsoirg\1.0.7.1\loolkaah.exe, Delete-on-Reboot, [676e194a4168c175dd8a4816837e10f0],
PUP.Optional.SofTonic, C:\Users\mansoor\Downloads\SoftonicDownloader_for_webex-player.exe, Quarantined, [567f77eca60366d0a510cf0f51af53ad],
PUP.Optional.IBryte, C:\Users\mansoor\AppData\Local\3b0b6c41-dd12-4afc-9277-9bda3fb240e5\install_temp.exe, Quarantined, [f2e3c79cbaeff73ff45473ec26dba35d],
PUP.Optional.PullUpdate, C:\ProgramData\Browser\prompt.exe, Quarantined, [914491d2e1c8c96d8420045e28d9e31d],
PUP.Optional.FinanceAlert, C:\ProgramData\NgYIbnobV\dat\bZiziTZEo.exe, Delete-on-Reboot, [29acf76ca306a393edfa243c9e63916f],
PUP.Optional.FinanceAlert, C:\ProgramData\NgYIbnobV\dat\IgNArjt.exe, Delete-on-Reboot, [f0e5e57e9514171fdb0cc69a47ba9d63],
PUP.Optional.ZombieInvasion, C:\ProgramData\NgYIbnobV\dat\lQcCKhEDhc.dll, Delete-on-Reboot, [874e441febbe71c56b260942a95afd03],
PUP.Optional.PullUpdate, C:\ProgramData\NgYIbnobV\dat\zMroSNCx.dll, Delete-on-Reboot, [8253c2a16b3ed36302ffe37307f90000],
PUP.Optional.PullUpdate, C:\ProgramData\Radio\prompt.exe, Quarantined, [6471de85f8b158de9c08a6bc9d64c43c],
PUP.Optional.Browser, C:\ProgramData\Browser\prompt.exe.config, Quarantined, [09ccf76ce2c7ad89cda7e204ae54cb35],
PUP.Optional.FinanceAlert, C:\Users\mansoor\AppData\Local\FinanceAlert\data2.dat, Quarantined, [6e672b38d2d7d561e65a3db189797888],
PUP.Optional.PullUpdate, C:\ProgramData\Radio\prompt.exe.config, Quarantined, [e7eece951792af872a079c5fbb4719e7],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome.manifest, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\icon.png, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\install.rdf, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\arcadeparlor.js, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\browser.xul, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.ArcadeParlor, C:\Users\mansoor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin\style.css, Quarantined, [d500f07302a7c76f3ba561f9f909ca36],
PUP.Optional.PullUpdate, C:\ProgramData\NgYIbnobV\dat\bZiziTZEo.exe.config, Delete-on-Reboot, [478e66fd2485ba7cb1ce30381ee5fa06],
PUP.Optional.PullUpdate, C:\ProgramData\NgYIbnobV\dat\IgNArjt.exe.config, Delete-on-Reboot, [478e66fd2485ba7cb1ce30381ee5fa06],
PUP.Optional.PullUpdate, C:\ProgramData\NgYIbnobV\auHyTi.dat, Delete-on-Reboot, [478e66fd2485ba7cb1ce30381ee5fa06],
PUP.Optional.PullUpdate, C:\ProgramData\NgYIbnobV\auHyTi.exe.config, Quarantined, [478e66fd2485ba7cb1ce30381ee5fa06],
PUP.Optional.PullUpdate, C:\ProgramData\NgYIbnobV\info.dat, Delete-on-Reboot, [478e66fd2485ba7cb1ce30381ee5fa06],

Physical Sectors: 0
(No malicious items detected)


(end)

descriptionSolvedRe: Possible Virus

more_horiz
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/8/2017 1:27 PM, SYSTEM, MANSOOR-PC, Manual, Rootkit Database, 2016.2.8.1, 2017.5.27.1,
Update, 7/8/2017 1:27 PM, SYSTEM, MANSOOR-PC, Manual, Remediation Database, 2016.2.12.1, 2017.7.7.1,
Update, 7/8/2017 1:27 PM, SYSTEM, MANSOOR-PC, Manual, IP Database, 2016.2.8.1, 2017.7.7.1,
Update, 7/8/2017 1:27 PM, SYSTEM, MANSOOR-PC, Manual, Domain Database, 2016.2.16.8, 2017.7.8.1,
Update, 7/8/2017 1:27 PM, SYSTEM, MANSOOR-PC, Manual, Malware Database, 2016.2.16.6, 2017.7.8.5,
Scan, 7/8/2017 1:40 PM, SYSTEM, MANSOOR-PC, Manual, Start:7/8/2017 1:28 PM, Duration:10 min 33 sec, Threat Scan, Completed, 3 Malware Detections, 39 Non-Malware Detections,
Update, 7/8/2017 4:42 PM, SYSTEM, MANSOOR-PC, Manual, Malware Database, 2017.7.8.5, 2017.7.8.6,

(end)

descriptionSolvedRe: Possible Virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum