Potential malware attack - no symptoms, but alerted from Life Lock

malware email keylogger

  • This topic is locked
33 replies to this topic

#1 ObscureReferenceMan

Posted 25 March 2016 - 01:17 PM

I just got an alert from Life Lock. To quote them:

LifeLock detected a piece of your personal information being sold online. When this occurs, we make a record of all the data being sold along with it, so the alert will contain varying amounts of information that may or may not belong to you.

 

The information was related to my personal email account.

 

I spoke with a Life Lock representative, and she said it was flagged as a keylogger attack, and that she saw a snippet of my email password. None of the characters were part of my password. But she recommended doing a malware check anyway. So here I am!

 

Thanks!

 

EDIT: Please read the Instructions http://www.spywarein...showtopic=79038 and post logs...  Our helpers need details to review in order to help...


Edited by Budfred, 25 March 2016 - 04:22 PM.


#2 nasdaq

Posted 27 March 2016 - 06:09 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If you still need help, please follow the instructions posted by Budfred on your original post.

Post the logs for my review.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 ObscureReferenceMan

Posted 29 March 2016 - 07:18 PM

Malwarebytes scan

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2016
Scan Time: 7:49 PM
Logfile: Log03292016.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.29.07
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dave

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385537
Time Elapsed: 56 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

FRST scan

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Dave (administrator) on DAVE-HP (29-03-2016 20:57:13)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Virgin HealthMiles Inc.) C:\Program Files (x86)\GoZone\GoZone_iSync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Joyent, Inc) C:\Windows\Prey\versions\1.5.0\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.5.0\node_modules\triggers\bin\lightevt.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-03-29] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-548866596-747862405-3157901741-1001\...\Run: [Google Update] => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-548866596-747862405-3157901741-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [1979 2014-09-14] ()
HKU\S-1-5-21-548866596-747862405-3157901741-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-18\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [1979 2014-09-14] ()
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-14]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-10-17]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk [2013-02-17]
ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-14]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk [2014-05-13]
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 173.44.120.64 173.44.120.65
Tcpip\..\Interfaces\{095D141C-544C-4EE0-A0A5-87B85B4F1450}: [DhcpNameServer] 173.44.120.64 173.44.120.65
Tcpip\..\Interfaces\{88343041-AA7B-4136-B60A-FCC6E197E777}: [DhcpNameServer] 173.44.120.64 173.44.120.65

Internet Explorer:
==================
HKU\S-1-5-21-548866596-747862405-3157901741-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\prt7yhzo.default-1446854180886
FF Homepage: hxxps://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2016-03-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-548866596-747862405-3157901741-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-548866596-747862405-3157901741-1001: @talk.google.com/O1DPlugin -> C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-548866596-747862405-3157901741-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-548866596-747862405-3157901741-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Bitdefender QuickScan - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\prt7yhzo.default-1446854180886\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-03-21] [not signed]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-10-17] [not signed]
FF HKU\S-1-5-21-548866596-747862405-3157901741-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Dave\AppData\Local\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Native Client) - C:\Users\Dave\AppData\Local\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dave\AppData\Local\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Dave\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed]
R2 CronService; c:\windows\Prey\wpxsvc.exe [611854 2015-10-10] (Fork, Ltd.) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-09] (WildTangent)
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-03-29] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-29] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-03-29] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-29 20:57 - 2016-03-29 20:57 - 00028029 _____ C:\Users\Dave\Desktop\FRST.txt
2016-03-29 19:46 - 2016-03-29 19:47 - 00000000 ____D C:\Users\Dave\AppData\Roaming\QuickScan
2016-03-29 19:42 - 2016-03-29 19:42 - 00898048 _____ C:\Users\Dave\Desktop\RGSA.exe
2016-03-29 19:39 - 2016-03-29 19:39 - 02374144 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2016-03-28 18:09 - 2016-03-29 06:57 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForDave
2016-03-28 18:09 - 2016-03-29 06:57 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForDave.job
2016-03-25 12:23 - 2016-03-25 12:23 - 00070405 _____ C:\Users\Dave\Desktop\SOI-ep.2-draft-5-1.pdf
2016-03-25 12:20 - 2016-03-25 12:20 - 00019287 _____ C:\Users\Dave\Desktop\Film-Shooting-Schedule.pdf
2016-03-21 21:25 - 2016-03-26 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-21 19:44 - 2016-03-21 19:44 - 00040369 _____ C:\Users\Dave\Desktop\DCSC Media Log Sheet.xlsx
2016-03-09 21:02 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-09 21:02 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-09 21:02 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-09 21:02 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-09 21:02 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-03-09 21:02 - 2016-02-04 13:52 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-09 21:01 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-09 21:01 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-09 21:01 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-03-09 21:01 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-03-09 21:01 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-09 21:01 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-03-09 21:01 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-09 21:01 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-03-09 21:01 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-03-09 21:01 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-03-09 21:01 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-03-09 21:01 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-03-09 21:01 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-03-09 21:01 - 2016-02-09 02:53 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-03-09 21:01 - 2016-02-09 02:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-03-09 21:01 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-03-09 21:01 - 2016-02-08 16:51 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-03-09 21:01 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-03-09 21:01 - 2016-02-08 16:39 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-03-09 21:01 - 2016-02-08 16:38 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-03-09 21:01 - 2016-02-08 16:38 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-03-09 21:01 - 2016-02-08 16:37 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-03-09 21:01 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-03-09 21:01 - 2016-02-08 16:32 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-03-09 21:01 - 2016-02-08 16:31 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-03-09 21:01 - 2016-02-08 16:30 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-03-09 21:01 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-03-09 21:01 - 2016-02-08 16:28 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-03-09 21:01 - 2016-02-08 16:28 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-03-09 21:01 - 2016-02-08 16:20 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-03-09 21:01 - 2016-02-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 21:01 - 2016-02-08 16:15 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-03-09 21:01 - 2016-02-08 16:13 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-03-09 21:01 - 2016-02-08 16:12 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-03-09 21:01 - 2016-02-08 16:11 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-03-09 21:01 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-03-09 21:01 - 2016-02-08 16:10 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-03-09 21:01 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-03-09 21:01 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-03-09 21:01 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-03-09 21:01 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-03-09 21:01 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-03-09 21:01 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-03-09 21:01 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-03-09 21:01 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-03-09 21:01 - 2016-02-08 14:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-03-09 21:01 - 2016-02-08 14:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-03-09 21:01 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-03-09 21:01 - 2016-02-08 14:27 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-03-09 21:01 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-03-09 21:01 - 2016-02-08 14:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-03-09 21:01 - 2016-02-08 14:19 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-03-09 21:01 - 2016-02-08 14:18 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-03-09 21:01 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-03-09 21:01 - 2016-02-08 14:15 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-03-09 21:01 - 2016-02-08 14:14 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-03-09 21:01 - 2016-02-08 14:14 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-03-09 21:01 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-03-09 21:01 - 2016-02-08 14:13 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-03-09 21:01 - 2016-02-08 14:06 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-03-09 21:01 - 2016-02-08 14:03 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-03-09 21:01 - 2016-02-08 13:55 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 21:01 - 2016-02-08 13:54 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-03-09 21:01 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-03-09 21:01 - 2016-02-08 13:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-03-09 21:01 - 2016-02-08 13:47 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-03-09 21:01 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-03-09 21:01 - 2016-02-08 13:35 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-03-09 21:01 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-03-09 21:01 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-03-09 21:01 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-03-09 21:01 - 2016-02-08 13:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-03-09 21:01 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-03-09 21:01 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-03-09 21:01 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-03-09 21:01 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-03-09 21:01 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-09 21:01 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-03-09 21:01 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-03-09 21:01 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-09 21:00 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-03-09 21:00 - 2016-02-08 14:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-03-09 21:00 - 2016-02-08 14:26 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-03-09 21:00 - 2016-02-08 13:52 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-03-09 20:59 - 2016-02-11 14:56 - 05572032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-03-09 20:59 - 2016-02-11 14:56 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-03-09 20:59 - 2016-02-11 14:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-03-09 20:59 - 2016-02-11 14:52 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-03-09 20:59 - 2016-02-11 14:48 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-03-09 20:59 - 2016-02-11 14:48 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-03-09 20:59 - 2016-02-11 14:44 - 03994560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-03-09 20:59 - 2016-02-11 14:44 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-03-09 20:59 - 2016-02-11 14:44 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-03-09 20:59 - 2016-02-11 14:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-03-09 20:59 - 2016-02-11 14:44 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-09 20:59 - 2016-02-11 14:44 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-03-09 20:59 - 2016-02-11 14:41 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-03-09 20:59 - 2016-02-11 14:41 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-03-09 20:59 - 2016-02-11 14:38 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-03-09 20:59 - 2016-02-11 14:38 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-03-09 20:59 - 2016-02-11 14:33 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-03-09 20:59 - 2016-02-11 14:30 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-03-09 20:59 - 2016-02-11 13:34 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-03-09 20:59 - 2016-02-11 13:34 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-03-09 20:59 - 2016-02-11 13:32 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-03-09 20:58 - 2016-02-11 14:49 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-03-09 20:58 - 2016-02-11 14:49 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-03-09 20:58 - 2016-02-11 14:49 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-03-09 20:58 - 2016-02-11 14:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-03-09 20:58 - 2016-02-11 14:49 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-03-09 20:58 - 2016-02-11 14:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-03-09 20:58 - 2016-02-11 14:49 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-03-09 20:58 - 2016-02-11 14:49 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-03-09 20:58 - 2016-02-11 14:48 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-03-09 20:58 - 2016-02-11 14:48 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-03-09 20:58 - 2016-02-11 14:48 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-03-09 20:58 - 2016-02-11 14:47 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-03-09 20:58 - 2016-02-11 14:45 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-03-09 20:58 - 2016-02-11 14:45 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-03-09 20:58 - 2016-02-11 14:45 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-03-09 20:58 - 2016-02-11 14:45 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-03-09 20:58 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-03-09 20:58 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-03-09 20:58 - 2016-02-11 14:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:38 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-03-09 20:58 - 2016-02-11 14:38 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-03-09 20:58 - 2016-02-11 14:38 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-03-09 20:58 - 2016-02-11 14:38 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-03-09 20:58 - 2016-02-11 14:38 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-03-09 20:58 - 2016-02-11 14:37 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-03-09 20:58 - 2016-02-11 14:37 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-03-09 20:58 - 2016-02-11 14:37 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-03-09 20:58 - 2016-02-11 14:35 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-03-09 20:58 - 2016-02-11 14:35 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-03-09 20:58 - 2016-02-11 14:35 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-03-09 20:58 - 2016-02-11 14:34 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-03-09 20:58 - 2016-02-11 14:31 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 13:48 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-03-09 20:58 - 2016-02-11 13:43 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-03-09 20:58 - 2016-02-11 13:41 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-03-09 20:58 - 2016-02-11 13:40 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-03-09 20:58 - 2016-02-11 13:33 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-03-09 20:58 - 2016-02-11 13:32 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-03-09 20:58 - 2016-02-11 13:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-03-09 20:58 - 2016-02-11 13:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-03-09 20:58 - 2016-02-11 13:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-03-09 20:58 - 2016-02-11 13:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-03-09 20:58 - 2016-02-11 13:31 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-03-09 20:58 - 2016-02-11 13:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 20:58 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 20:57 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-09 20:57 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-03-09 20:57 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-03-09 20:57 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-03-09 20:57 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-09 20:57 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-03-09 20:57 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-03-09 20:57 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-03-09 20:57 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-03-09 20:57 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-03-09 20:57 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-03-09 20:57 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-03-09 20:57 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-03-09 20:57 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-09 20:57 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-03-09 20:57 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-03-09 20:57 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-03-09 20:57 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-03-09 20:57 - 2016-02-05 13:48 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-09 20:57 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-03-09 20:57 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-03-09 07:30 - 2016-03-09 07:30 - 00002163 _____ C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2016-03-08 18:57 - 2016-03-08 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-29 20:57 - 2015-04-12 19:35 - 00000000 ____D C:\FRST
2016-03-29 20:56 - 2015-04-13 06:16 - 00000000 ____D C:\Users\Dave\Documents\Malware
2016-03-29 20:54 - 2011-12-01 20:03 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-548866596-747862405-3157901741-1001UA.job
2016-03-29 20:51 - 2012-07-14 12:55 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-29 19:42 - 2015-09-20 07:58 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-29 19:40 - 2015-09-20 07:57 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-29 19:40 - 2015-09-20 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-29 19:40 - 2015-09-20 07:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-29 18:59 - 2011-12-01 20:03 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-548866596-747862405-3157901741-1001Core.job
2016-03-29 18:51 - 2013-02-24 19:23 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2016-03-29 06:57 - 2011-11-18 21:37 - 00000000 ____D C:\Users\Dave
2016-03-28 19:16 - 2012-01-09 18:32 - 00003216 _____ C:\windows\System32\Tasks\HPCeeScheduleForDAVE-HP$
2016-03-28 19:16 - 2012-01-09 18:32 - 00000340 _____ C:\windows\Tasks\HPCeeScheduleForDAVE-HP$.job
2016-03-28 18:19 - 2009-07-14 00:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-28 18:19 - 2009-07-14 00:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-28 06:37 - 2013-06-16 17:27 - 00002452 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2016-03-28 06:36 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-27 20:34 - 2011-05-04 20:54 - 00000000 ____D C:\ProgramData\PDFC
2016-03-26 15:58 - 2009-07-14 01:13 - 00875874 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-26 15:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-03-26 15:54 - 2012-05-13 13:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-26 15:51 - 2015-11-16 22:50 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-26 15:50 - 2014-09-14 06:37 - 00000000 ____D C:\Temp
2016-03-26 15:49 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-24 21:51 - 2012-07-14 12:55 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-03-24 21:51 - 2012-07-14 12:55 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-24 21:51 - 2011-12-03 17:24 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-21 17:30 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-03-19 21:07 - 2013-04-12 07:50 - 00000000 ____D C:\Users\Dave\Documents\Financial
2016-03-14 18:12 - 2011-12-01 20:03 - 00002329 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 18:12 - 2011-12-01 20:03 - 00002321 _____ C:\Users\Dave\Desktop\Google Chrome.lnk
2016-03-13 21:45 - 2011-11-19 05:35 - 00000000 ____D C:\windows\rescache
2016-03-11 21:14 - 2015-12-20 19:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 14:09 - 2015-09-20 07:57 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2015-09-20 07:57 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2015-09-20 07:57 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-03-10 07:49 - 2009-07-14 00:45 - 00425824 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-10 07:11 - 2013-07-15 06:07 - 00000000 ____D C:\windows\system32\MRT
2016-03-10 07:01 - 2011-12-07 19:34 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-09 07:29 - 2013-06-16 17:26 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-03-08 19:54 - 2011-12-01 20:14 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype
2016-03-08 18:57 - 2015-01-05 19:59 - 00000000 ____D C:\Users\Dave\AppData\Local\Skype
2016-03-08 18:57 - 2011-12-01 20:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-08 18:57 - 2011-10-13 12:37 - 00000000 ____D C:\ProgramData\Skype
2016-03-08 07:07 - 2016-01-30 07:47 - 00002198 _____ C:\Users\Dave\Desktop\Plants vs. Zombies.lnk

==================== Files in the root of some directories =======

2013-12-28 20:16 - 2014-06-06 08:39 - 0003747 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2011-12-13 19:07 - 2011-12-13 19:07 - 0000017 _____ () C:\Users\Dave\AppData\Local\resmon.resmoncfg
2015-10-17 22:59 - 2015-11-06 20:12 - 0002430 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => Fi

Edited by ObscureReferenceMan, 29 March 2016 - 07:24 PM.


#4 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 29 March 2016 - 07:26 PM

Edited because FRST Addition and RGSA were cut off.



#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 30 March 2016 - 06:07 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR Plugin: (Shockwave Flash) - C:\Users\Dave\AppData\Local\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Users\Dave\AppData\Local\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dave\AppData\Local\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\Dave\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-25]
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozi.../www.google.ca/

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmic...java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.co...oads/index.html

How to disable Java in your browsers
http://www.infoworld...browsers-210882


If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)

Please let me know what problem persists with this computer.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
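
A pre-flight check for the fixlist in the post above, as an added example that is not part of nasdaq's post or of FRST itself: it sorts each line into FRST directives, entries FRST already reported as `=> No File`, and everything else, so the lines that act on something still present get a second look before Fix is clicked. The names `triage_fixlist`, `paths_to_inspect` and the bucket labels are assumptions; the sample is an excerpt of the fixlist on this page.

```python
import re

# Excerpt of the fixlist posted in this thread: one line of each kind it contains.
SAMPLE_FIXLIST = r"""Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR Plugin: (Shockwave Flash) - C:\Users\Dave\AppData\Local\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-25]
CustomCLSID: HKU\S-1-5-21-548866596-747862405-3157901741-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
"""

DIRECTIVE = re.compile(r"^[A-Za-z]+:$")   # e.g. "EmptyTemp:"
NO_FILE = re.compile(r"=>\s*No File$")    # FRST found no file behind the entry
# A drive-letter path, ending before "=>", before a trailing [date] stamp, or at end of line.
PATH = re.compile(r"[A-Za-z]:\\.*?(?=\s+=>|\s+\[\d{4}-\d{2}-\d{2}\]$|$)")


def triage_fixlist(text):
    """Sort fixlist lines into directives, 'No File' leftovers, and lines to review."""
    buckets = {"directive": [], "no_file": [], "review": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Start", "End"):  # blank lines and the wrapper markers
            continue
        if DIRECTIVE.match(line):
            buckets["directive"].append(line)
        elif NO_FILE.search(line):
            buckets["no_file"].append(line)
        else:
            buckets["review"].append(line)
    return buckets


def paths_to_inspect(review_lines):
    """Unique file-system paths named by the review lines, in first-seen order."""
    seen = []
    for line in review_lines:
        match = PATH.search(line)
        if match and match.group(0) not in seen:
            seen.append(match.group(0))
    return seen


if __name__ == "__main__":
    result = triage_fixlist(SAMPLE_FIXLIST)
    for kind, lines in result.items():
        print(f"{kind}: {len(lines)}")
    for path in paths_to_inspect(result["review"]):
        print("inspect before fixing:", path)
```
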

#6 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 30 March 2016 - 06:21 AM

Started ESET scan last night at around 10:00pm. At 11:30pm, it was at about 95% (not exact, just my approximation), and still running. Disconnected wifi, and went to bed. Woke up at 6:30am, and it was still running (and with errors - probably because I disconnected wifi) - maybe at about 96%. Reconnected wifi, and let it continue for almost two hours, and it is currently still running - no increase in completion noticeable.

 

Is this normal?



#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 30 March 2016 - 11:45 AM

Stop the process.

Restart the computer normally.

Run the Scan again. It should not take more than 4 hours to complete.
Unless of course you have a lot of files to verify.
nasdaq


#8 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 31 March 2016 - 04:52 AM

Re-started the ESET scan last night, and it seemed to pick up where it left off (~98%). But then continued very slowly. Rebooted. Will start the ESET scan again, and let it run.



#9 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 31 March 2016 - 06:06 PM

ESET scan finished. Could not find a log, or post a screenshot here, but there were six threats. For each of these, I selected "Clean", and hit Apply. Rebooted computer.

 

Any word on the logs I posted from before?



#10 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 01 April 2016 - 05:06 AM

Sorry... I missed your reply to my logs. I did the following:

  • Ran FRST with the fixlist.txt file, and rebooted.
  • Updated to Java 8. (Java 7 was properly uninstalled.)
  • Reset Firefox default browsing settings.

However, when I tried to clean the Firefox cache (via the link https://kb.wisc.edu/....php?id=15141), that tab came up titled "Insecure Connection", and the following was displayed on the page:


Your connection is not secure

The owner of kb.wisc.edu has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

 

I searched for "clean the Firefox cache", and found this (and did it):

  1. From the History menu, select Clear Recent History. ...
  2. From the Time range to clear: drop-down menu, select the desired range; to clear your entire cache, select Everything.
  3. Next to "Details", click the down arrow to choose which elements of the history to clear; to clear your entire cache, select all items.

Is that enough? Thanks!



#11 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 01 April 2016 - 05:21 AM

Hmmm... Now I'm getting the same "Insecure Connection" message when trying to connect to Facebook. But now, there's a little more info:

 

The owner of www.facebook.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

 

Also, some web sites do not display properly. I went to reddit.com, and it displayed in a "text mode" (not sure of the proper term - no graphics, only text). Even when I signed in, "text mode" remained. But when I went to metafilter, it seemed to display graphics properly.



#12 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 01 April 2016 - 05:25 AM

Tried connecting to my modem by ethernet cable (vs. wifi), and connected to Facebook with no problem. I've had some slow wifi connection problems in the past. I'll deal with that as best I can.

 

But some sites are still "text mode".



#13 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 02 April 2016 - 05:56 AM

I did a little digging, and it seems the "text mode" thing might be related to Javascript. Did my upgrade of Javascript from 7 to 8 contribute to the problem?



#14 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 02 April 2016 - 08:18 AM

Another problem...

 

I have gone to a few sites, and gotten the "insecure connection" alert. But have been able to do an "add certificate" for them. But now, for some sites (latest being yahoo mail), I cannot even do that. I get the following:

 

Your connection is not secure

The owner of login.yahoo.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.



#15 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 02 April 2016 - 11:53 AM

This is good for me.
https://kb.wisc.edu/page.php?id=15141

Let me have the URL of the sites that you have problems with.

Not all of them just one or 2.

Is the Time and Date correct on your computer?
That could cause a problem with the certificates.

Has the problem just started?
nasdaq


#16 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 03 April 2016 - 04:48 AM

First, the link you provided gave me the "Insecure Connection" alert. But I clicked "Advanced", and selected "Add Exception". After I went there, I saw that it was about clearing cache, which was recommended in post #5.

 

Some of the sites that have been "text only": twitter, reddit, youtube (although just today, when I went to youtube, I got the "Insecure Connection" alert, and could NOT add an exception). Also, one odd occurrence: amazon came up fine (all graphics displayed), but after I logged in, it was back to "text only" mode.

 

I checked, and the date is correct, but time is off (from my phone), by about 12 seconds (laptop is slower).

 

The "secure connection problem, can't add exception" problem seems to have started yesterday (4/2) morning.



#17 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 03 April 2016 - 05:40 AM

In Firefox.

Make sure that you allow pages to choose their colors and that you haven't enabled High Contrast in the Accessibility settings.

Tools > Options > Content : Fonts & Colors > Colors : [X] "Allow pages to choose their own colors, instead of my selections above"

Check the Color tag also.
Make sure it's not set to never.


===
nasdaq


#18 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 03 April 2016 - 06:46 AM

The selections are not quite as you described.

 

I selected "Use system colors", check box.

 

And the "Override the colors specified by the page with my selections above:" drop-down had "Only with High Contrast themes", "Always" and "Never". I selected "Only with High Contrast themes".



#19 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 03 April 2016 - 09:18 AM

Did you also check the Advanced button?

Look at the Font

Is this box checked "Allow pages to use their own fonts..."

The Text encoding.
Is the fallback "Default for the current locale"?

Any improvement so far?
nasdaq


#20 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 04 April 2016 - 05:02 AM

I have noticed that two sites (yahoo mail, and youtube) no longer show the "unsecure connection" alert. And I haven't seen that alert again (but I haven't checked it extensively).

 

I went to Options > Content > Fonts & Colors > Advanced, and Fallback Text Encoding is set to "Default for the current locale".

 

Still several sites are coming up in "text only" mode.



#21 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 04 April 2016 - 05:30 AM

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===
nasdaq


#22 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 04 April 2016 - 04:07 PM

I previously cleared the cache, as directed initially. But I have done so again. Still sites come up in "text only" mode.

 

FYI, the link you provided was for clearing cache for Internet Explorer, not Firefox.



#23 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 05 April 2016 - 05:34 AM

Press the View menu on the tool bar.

Select A+

How is it now?

Got the idea from this old topic.
http://forums.mozill...p?f=38&t=578720

Hope it helps.
nasdaq


#24 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 05 April 2016 - 05:27 PM

Some pages have View > Page Style, and the choices "No Style", "A", "A+" and "A++".

Other pages have View > Page Style, and the choices "No Style" and "Basic Page Style".

 

I tried all selections, and for the pages that are in "text only" mode, nothing brings them back to "graphics" mode.



#25 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 06 April 2016 - 05:36 AM

Give me the one or two URLs you are having problems with. I will check them and see if the problem is with the site or not.
nasdaq


#26 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 06 April 2016 - 06:20 PM

reddit.com

twitter.com



#27 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 07 April 2016 - 05:39 AM

All is well here.

My version of Firefox is 45.0.1

On the menu select View > Page Style > Basic Page Style.

How is it now?
nasdaq


#28 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 08 April 2016 - 05:29 AM

My version of Firefox is also 45.0.1.

Selected View > Page Style > Basic Page Style. No change - reddit and twitter still coming up in text mode. Also, I'm still getting (seemingly) random occurrences of the "unsecure connections" alerts I mentioned before.



#29 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 08 April 2016 - 06:09 AM

I hope this will solve the issues.
Navigate to this page.
http://forums.mozill...?f=23&t=2945915

The post by patclash dated July 9th, 2015, 12:30 am

Will lead you to this Mozilla page.

https://bugzilla.moz....cgi?id=1180317

Open the about:config in Firefox and check the settings

Look at the post (comment) no 30.

See if you can find the culprit.
nasdaq


#30 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 08 April 2016 - 08:40 AM

Per comment #30, I set:

"image.downscale-during-decode.enabled" to false
"layers.offmainthreadcomposition.enabled" to false

 

But reddit and twitter still come up in text mode. Even after I closed & re-opened Firefox.


Edited by ObscureReferenceMan, 08 April 2016 - 08:44 AM.


#31 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 08 April 2016 - 11:02 AM

Did you close Firefox and restart browser to see if the change was applied?

If you did and the problem persists I suggest you start a topic in the Firefox forum.
http://forums.mozill...wforum.php?f=38

See what the experts have to say.
nasdaq


#32 ObscureReferenceMan

ObscureReferenceMan

    Advanced Member

  • Full Member
  • PipPipPip
  • 113 posts

Posted 10 April 2016 - 08:32 AM

OK! I posted in the mozillazine forum. According to this article, there's a little "glitch" with ESET's SSL/TLS settings. One must disable and re-enable SSL scanning.

 

Once I did that, the "text only" mode problem went away. Also, I have not encountered the "unsecure connection" problem either.

 

Thank you for all your help. (Another donation to spywareinfoforum will be forthcoming!)
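
A product that scans HTTPS traffic does so by re-signing each site's certificate with a root it installs locally, so the cause found above can be confirmed by looking at who issued the certificate the machine actually receives. The following is an added example, not code from this thread or from ESET: it classifies the issuer of a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()` and checks the validity window against the clock, the other cause raised earlier in the thread. The marker list, the function names and the two sample certificates are constructed assumptions.

```python
import socket
import ssl

# Issuer-name substrings that indicate a local filtering product re-signed the
# certificate. Assumed, deliberately short list: extend it for the products you run.
LOCAL_FILTER_MARKERS = ("eset ssl filter",)

# Constructed samples in the dict format of ssl.SSLSocket.getpeercert().
INTERCEPTED = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "ESET SSL Filter CA"),),),
    "notBefore": "Mar  1 00:00:00 2016 GMT",
    "notAfter": "Mar  1 00:00:00 2017 GMT",
}
DIRECT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Trust Services"),),
               (("commonName", "Example Public CA 1"),)),
    "notBefore": "Mar  1 00:00:00 2016 GMT",
    "notAfter": "Mar  1 00:00:00 2017 GMT",
}


def name_fields(rdns):
    """Flatten getpeercert()'s nested name tuples into a {field: value} dict."""
    return {key: value for rdn in rdns for key, value in rdn}


def classify_issuer(cert, markers=LOCAL_FILTER_MARKERS):
    """Return (verdict, issuer common name) for one certificate dict."""
    issuer = name_fields(cert.get("issuer", ()))
    subject = name_fields(cert.get("subject", ()))
    label = " ".join(issuer.get(k, "") for k in ("organizationName", "commonName")).lower()
    if any(marker in label for marker in markers):
        verdict = "local-filter"
    elif issuer and issuer == subject:
        verdict = "self-signed"
    else:
        verdict = "other-issuer"
    return verdict, issuer.get("commonName", "")


def within_validity(cert, now_epoch):
    """True if now_epoch (UTC seconds) lies inside the notBefore..notAfter window."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now_epoch <= end


def check_host(host, port=443, timeout=5.0):
    """Live check: who issued the certificate this machine receives for host?"""
    context = ssl.create_default_context()  # platform trust store, not Firefox's own
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                return classify_issuer(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        # The chain does not lead to a trusted root: the case a browser reports
        # as an untrusted connection.
        return "verify-failed", err.verify_message


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, check_host(name))
```

A `local-filter` verdict for a site that a browser refuses means the browser does not trust the filtering product's root, which is consistent with the fix described in the post above.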



#33 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 11 April 2016 - 05:37 AM

Thank you for the information.

It may become handy some time.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingc...best-practices/
nasdaq


#34 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 23 April 2016 - 05:27 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq





