S.pmddBy.com Highjacker

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: S.pmddBy.com Highjacker

Post by phillip245 » April 23rd, 2017, 8:44 am

mAL: thanks for the advice on YouTube. Here is the first log; the rest will follow.

Thanks
Phillip

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-04-2017
Ran by Phillip (23-04-2017 08:30:12) Run:1
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available Profiles: Phillip)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107520 2016-10-21] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-10-21] (Ellora Assets Corp.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
2017-04-13 21:03 - 2017-04-13 21:07 - 00000000 ____D C:\Users\Phillip\Documents\Freemake
2017-04-13 21:03 - 2017-04-13 21:04 - 00000000 ____D C:\ProgramData\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\Desktop\Freemake Shared
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-04-13 21:00 - 2017-04-13 21:01 - 18796032 _____ ( ) C:\Users\Phillip\Downloads\FreemakeVideoDownloaderFull.exe
2010-02-26 09:56 - 2009-09-10 13:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
Task: {02F0A926-339E-4DF3-B9C6-230D076AEE56} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E2792AB7-9482-4691-A28C-967800B9696D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4193585031-2840196977-3773957042-1002
Task: {EEE8E8CC-380D-4DFF-A11C-028A72A43E28} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns

*****************

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
Freemake Improver => service not found.
FreemakeVideoCapture => service not found.
HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully
AppMgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\tmlwf => key removed successfully
tmlwf => service removed successfully
HKLM\System\CurrentControlSet\Services\tmwfp => key removed successfully
tmwfp => service removed successfully
C:\Users\Phillip\Documents\Freemake => moved successfully
C:\ProgramData\Freemake => moved successfully
"C:\Users\Public\Desktop\Freemake Video Downloader.lnk" => not found.
"C:\Users\Phillip\Desktop\Freemake Shared" => not found.
"C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake" => not found.
"C:\Program Files (x86)\Freemake" => not found.
C:\Users\Phillip\Downloads\FreemakeVideoDownloaderFull.exe => moved successfully
C:\ProgramData\FullRemove.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02F0A926-339E-4DF3-B9C6-230D076AEE56} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02F0A926-339E-4DF3-B9C6-230D076AEE56} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2792AB7-9482-4691-A28C-967800B9696D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2792AB7-9482-4691-A28C-967800B9696D} => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-4193585031-2840196977-3773957042-1002 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-4193585031-2840196977-3773957042-1002 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEE8E8CC-380D-4DFF-A11C-028A72A43E28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEE8E8CC-380D-4DFF-A11C-028A72A43E28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40458962 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1856823 B
Edge => 0 B
Chrome => 83891151 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 175559937 B
systemprofile32 => 66228 B
LocalService => 132244 B
NetworkService => 66228 B
Phillip => 265550600 B

RecycleBin => 529837 B
EmptyTemp: => 553.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:31:58 ====

Re: S.pmddBy.com Highjacker

Post by phillip245 » April 23rd, 2017, 1:07 pm

mAL, I just realized that Avast was only off for one hour when the ESET scan was running.

Thanks
Phillip

Re: S.pmddBy.com Highjacker

Post by mAL_rEm018 » April 23rd, 2017, 4:26 pm

Hi Phillip,

phillip245 wrote: mAL, I just realized that Avast was only off for one hour when the ESET scan was running.

I only asked you to disable your antivirus because it can cause the ESET scan to run very slowly. Since Avast was active for a short while, it shouldn't be a problem. That being said, were you able to complete the ESET scan?

Re: S.pmddBy.com Highjacker

Post by phillip245 » April 23rd, 2017, 7:04 pm

mAL, I think I messed up again.
1) I ran the ESET scan and one file came up
2) I tried to copy it to the clipboard, no luck
3) I tried to save it as a txt file, no luck
4) I copied the file's address and thought I sent it to you after that
5) I believe the file was in C:\program files\Google
6) It was a variant of Win 32

mAL, it seems that the above info and the last email I sent to you were not received. ESET ran for about 3+ hours this AM, but I did have difficulty in copying the result, and then the last post was not received by you, or probably it was my mistake in sending it to you. I will wait for your next instructions. I realize that ESET is a one-time-only use or a 30-day trial. When it did finish up, there was only the one file that was bad, it said, but I could not copy or post it. It did ask if I wanted to clean it.

Thanks
Phillip

Re: S.pmddBy.com Highjacker

Post by mAL_rEm018 » April 24th, 2017, 7:20 am

Hi Phillip,

ESET usually creates a log in the following location:
C:\users\%userprofile%\appdata\local\temp\log.txt

Open the Start menu and copy/paste the above inside the Search programs and files box and press enter. If a log was created it will open.

Re: S.pmddBy.com Highjacker

Post by phillip245 » April 24th, 2017, 8:28 am

mAL, you are correct again. The file is as follows. I thank you again for the help and patience.

Thank You
Phillip



08:58:34 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.16.0
# EOSSerial=f5b9e3d0cd927749b57029929b33a9cb
# end=init
# utc_time=2017-04-23 12:58:34
# local_time=2017-04-23 08:58:34 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=6.1.7601 NT Service Pack 1
09:01:08 Updating
09:01:08 Update Init
09:01:10 Update Download
09:03:13 esets_scanner_reload returned 0
09:03:13 g_uiModuleBuild: 33149
09:03:13 Update Finalize
09:03:13 Call m_esets_charon_send
09:03:13 Call m_esets_charon_destroy
09:03:13 Updated modules version: 33149
09:03:27 Call m_esets_charon_setup_create
09:03:27 Call m_esets_charon_create
09:03:27 m_esets_charon_create OK
09:03:27 Call m_esets_charon_start_send_thread
09:03:27 Call m_esets_charon_setup_set
09:03:27 m_esets_charon_setup_set OK
09:03:27 Scanner engine: 33149
12:12:58 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.16.0
# EOSSerial=f5b9e3d0cd927749b57029929b33a9cb
# engine=33149
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-04-23 16:12:57
# local_time=2017-04-23 12:12:57 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avast Antivirus'
# compatibility_mode=798 16777213 66 88 0 44388097 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19476948 244507427 0 0
# scanned=2
# found=1
# cleaned=0
# scan_time=11382
sh=877ACC9E5BBC2D6156A26A24EB5D59A865764C9B ft=1 fh=0000000000000000 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll"
12:58:19 Call m_esets_charon_send
12:58:19 Call m_esets_charon_destroy
12:58:20 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Phillip\AppData\Local\ESET\ESETOnlineScanner\Quarantine\

Re: S.pmddBy.com Highjacker

Post by mAL_rEm018 » April 24th, 2017, 8:45 am

Hi Phillip,

phillip245 wrote: I thank you again for the help and patience


It's my pleasure. :)

The file that was flagged by ESET is a remnant from Coupons. I'll include it in my next fix, but for now can you tell me how your computer is behaving? Are you still being redirected in Chrome?

I need to see a fresh set of FRST logs.


  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see:
  • Did you encounter any problem while following the instructions?
  • Answer to my question
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.

Re: S.pmddBy.com Highjacker

Post by phillip245 » April 24th, 2017, 6:52 pm

mAL, thanks for the quick turnaround.
1) No, the files ran well. The first post is below; the second, Addition, will follow.
2) I do not seem to be having any redirect in Chrome. The computer is working as well as it was. Thanks
3) I do have the odd time freezing in IE11

Thanks
Phillip

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01
Ran by Phillip (administrator) on PHILLIP-PC (24-04-2017 18:39:41)
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available Profiles: Phillip)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ADSMTray] => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28344776 2017-04-17] (Dropbox, Inc.)
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{5ECC4103-727E-46DE-B93F-803ECD7B1A49}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-ca?checklang=1
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://msn.ca/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-ca?checklang=1"
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default [2017-04-24]
CHR Extension: (http://www.theweathernetwork.com/weather/usfl) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidnpjefmpijoekpkaghfgemkkegeepc [2015-11-25]
CHR Extension: (Google Docs) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
CHR Extension: (Google Drive) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-11-25]
CHR Extension: (YouTube) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Adblock Plus) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-25]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-12-10]
CHR Extension: (Protect My Choices) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2017-03-15]
CHR Extension: (Google Hangouts) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Office Online) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-24]
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-23]
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-12] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-04-17] (Dropbox, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-04-17] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-24 17:52 - 2017-04-24 17:52 - 00276008 _____ C:\Windows\Minidump\042417-25521-01.dmp
2017-04-24 11:50 - 2017-04-24 11:55 - 00000000 ____D C:\Users\Phillip\Documents\2017_04_24
2017-04-24 11:47 - 2017-04-24 11:47 - 00506215 _____ C:\Users\Phillip\Documents\IMG.pdf
2017-04-23 08:58 - 2017-04-23 08:58 - 00000000 ____D C:\Users\Phillip\AppData\Local\ESET
2017-04-23 08:56 - 2017-04-23 08:56 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Phillip\Desktop\esetonlinescanner_enu.exe
2017-04-23 08:30 - 2017-04-23 08:31 - 00011823 _____ C:\Users\Phillip\Desktop\Fixlog.txt
2017-04-21 17:32 - 2017-04-21 17:33 - 03458963 _____ C:\Users\Phillip\Downloads\Guardia, Mike - American Guerrilla- The Forgotten Heroics of Russell W Volckmann ( Casemate Publishers and Book Distributors, LLC, 9781935149545).mobi
2017-04-21 08:44 - 2017-04-21 08:44 - 00001813 _____ C:\Users\Phillip\Desktop\SearchReg.txt
2017-04-20 19:10 - 2017-04-22 08:47 - 00000000 ____D C:\AdwCleaner
2017-04-20 19:03 - 2017-04-20 19:03 - 04089296 _____ C:\Users\Phillip\Desktop\AdwCleaner.exe
2017-04-20 19:00 - 2017-04-20 19:00 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PHILLIP-PC-Windows-7-Home-Premium-(64-bit).dat
2017-04-20 19:00 - 2017-04-20 19:00 - 00000000 ____D C:\RegBackup
2017-04-20 18:12 - 2017-04-20 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-20 08:33 - 2017-04-20 08:33 - 00002241 _____ C:\Users\Phillip\Desktop\Tweaking.com - Registry Backup.lnk
2017-04-20 08:33 - 2017-04-20 08:33 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-04-20 08:33 - 2017-04-20 08:33 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-04-20 08:31 - 2017-04-20 08:33 - 00018143 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-04-20 08:28 - 2017-04-20 08:28 - 05766144 _____ (Tweaking.com) C:\Users\Phillip\Desktop\tweaking.com_registry_backup_setup.exe
2017-04-19 14:24 - 2017-04-20 20:03 - 00043532 _____ C:\Users\Phillip\Desktop\Addition.txt
2017-04-19 14:23 - 2017-04-24 18:40 - 00021755 _____ C:\Users\Phillip\Desktop\FRST.txt
2017-04-19 14:23 - 2017-04-24 18:38 - 00000000 ____D C:\Users\Phillip\Desktop\FRST-OlderVersion
2017-04-19 14:15 - 2017-04-19 14:15 - 00276008 _____ C:\Windows\Minidump\041917-21528-01.dmp
2017-04-19 09:39 - 2017-04-19 09:39 - 00000000 ____D C:\Users\Phillip\AppData\LocalLow\Adobe
2017-04-18 08:56 - 2017-04-18 08:56 - 05774688 _____ (Zemana Ltd. ) C:\Users\Phillip\Downloads\Zemana.AntiMalware.Setup.exe
2017-04-17 13:06 - 2017-04-17 13:06 - 00035040 _____ C:\Users\Phillip\Desktop\combo 1.txt
2017-04-17 12:39 - 2017-04-17 12:39 - 00035034 _____ C:\ComboFix.txt
2017-04-17 12:39 - 2017-04-17 12:39 - 00016712 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2017-04-17 12:12 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-17 12:12 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-17 12:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-17 12:08 - 2017-04-17 12:39 - 00000000 ____D C:\Qoobox
2017-04-17 12:08 - 2017-04-17 12:36 - 00000000 ____D C:\Windows\erdnt
2017-04-17 12:04 - 2017-04-17 12:04 - 05659609 ____R (Swearware) C:\Users\Phillip\Downloads\ComboFix.exe
2017-04-17 11:14 - 2017-04-17 11:14 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-17 10:53 - 2017-04-17 10:53 - 00284232 _____ C:\Windows\Minidump\041717-16068-01.dmp
2017-04-17 10:53 - 2017-04-17 10:53 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-04-17 10:51 - 2017-04-17 10:51 - 00004976 _____ C:\Windows\system32\.crusader
2017-04-17 10:42 - 2017-04-17 10:42 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-04-17 10:42 - 2017-04-17 10:42 - 00000000 ____D C:\Program Files\HitmanPro
2017-04-17 10:41 - 2017-04-17 10:41 - 11583584 _____ (SurfRight B.V.) C:\Users\Phillip\Downloads\HitmanPro_x64.exe
2017-04-17 10:23 - 2017-04-17 10:26 - 00703604 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_10.23.41_log.txt
2017-04-17 10:20 - 2017-04-17 10:22 - 00203046 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_10.20.53_log.txt
2017-04-17 09:22 - 2017-04-17 10:30 - 00002590 _____ C:\Users\Phillip\Desktop\Rkill.txt
2017-04-17 09:22 - 2017-04-17 09:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Phillip\Downloads\rkill.exe
2017-04-17 09:16 - 2017-04-17 09:19 - 00202880 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_09.16.55_log.txt
2017-04-17 09:15 - 2017-04-17 09:15 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Phillip\Downloads\tdsskiller.exe
2017-04-16 18:40 - 2017-04-24 18:39 - 00000000 ____D C:\FRST
2017-04-16 18:37 - 2017-04-24 18:38 - 02426368 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2017-04-16 10:24 - 2017-04-16 10:27 - 00260516 _____ C:\Windows\ntbtlog.txt
2017-04-16 09:59 - 2017-04-19 14:31 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-16 09:58 - 2017-04-16 09:58 - 01129376 _____ (Google Inc.) C:\Users\Phillip\Downloads\ChromeSetup.exe
2017-04-16 09:46 - 2017-04-16 09:46 - 00000000 ____D C:\$AV_ASW
2017-04-15 20:48 - 2017-04-15 20:49 - 00000000 ____D C:\Users\Phillip\Documents\Kindle
2017-04-15 20:47 - 2013-12-15 10:34 - 41929941 _____ C:\Users\Phillip\Documents\STALINGRAD - Victory On The Volga (Images of War) By Nik Cornish ABEE.pdf
2017-04-15 20:35 - 2017-01-29 20:55 - 41441494 ____R C:\Users\Phillip\Documents\Consumer_Reports_New_Car_Buying_Guide_Spring_2017.pdf
2017-04-15 16:50 - 2017-04-15 16:50 - 00000000 ____D C:\Users\Phillip\Downloads\winds of war
2017-04-15 16:48 - 2017-04-15 16:48 - 00000906 _____ C:\Users\Phillip\Desktop\Downloads.lnk
2017-04-15 16:39 - 2017-04-15 17:13 - 00000000 ____D C:\Users\Phillip\.cr3
2017-04-15 16:38 - 2017-04-15 16:39 - 00000000 ____D C:\Users\Phillip\cr3
2017-04-15 16:38 - 2017-04-15 16:38 - 07955398 _____ C:\Users\Phillip\Documents\cr3-win32-qt-opengl-3.3.61.zip
2017-04-15 10:38 - 2017-04-15 10:38 - 02041884 _____ C:\Users\Phillip\Downloads\Shadow Commander_ The Epic Stor - Mike Guardia.epub
2017-04-14 18:55 - 2017-04-14 18:55 - 01581245 _____ C:\Users\Phillip\Documents\duplicates.dupeguru
2017-04-14 10:09 - 2017-04-14 10:29 - 00000000 ____D C:\Users\Phillip\Documents\Phillips library
2017-04-14 09:39 - 2017-04-14 09:39 - 00001098 _____ C:\Users\Public\Desktop\dupeGuru.lnk
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\Users\Phillip\AppData\Local\Hardcoded Software
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dupeGuru
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\Program Files\Hardcoded Software
2017-04-14 09:35 - 2017-04-14 09:36 - 17460736 _____ C:\Users\Phillip\Downloads\dupeguru_win64_3.9.1.msi
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\IsolatedStorage
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\DigitalVolcano
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-04-14 08:15 - 2017-04-14 08:15 - 13391688 _____ (DigitalVolcano Software Ltd) C:\Users\Phillip\Downloads\DuplicateCleanerPro4_setup.exe
2017-04-13 21:57 - 2017-04-13 21:57 - 00001018 _____ C:\Users\Public\Desktop\WinMerge.lnk
2017-04-13 21:57 - 2017-04-13 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2017-04-13 21:56 - 2017-04-13 21:57 - 00000000 ____D C:\Program Files (x86)\WinMerge
2017-04-13 21:52 - 2017-04-13 21:52 - 06433055 _____ (hxxp://winmerge.org ) C:\Users\Phillip\Downloads\WinMerge-2.14.0-Setup.exe
2017-04-13 21:41 - 2017-04-13 21:41 - 00000000 ____D C:\Users\Phillip\Downloads\duplicate_files_deleter
2017-04-13 21:04 - 2017-04-13 21:04 - 00000000 ____D C:\Program Files\WinPcap
2017-04-13 10:20 - 2017-04-13 10:20 - 63918174 _____ C:\Users\Phillip\Downloads\Blossoms in the Wind The Human Legacy of the Kamikaze.pdf
2017-04-12 11:40 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 11:40 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 11:40 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 11:40 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 11:40 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 11:40 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 11:40 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 11:40 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 11:40 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 11:40 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 11:40 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 11:40 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 11:40 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 11:40 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 11:40 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 11:40 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 11:40 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 11:40 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 11:40 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 11:40 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 11:40 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 11:40 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 11:40 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 11:40 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 11:40 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 11:40 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 11:40 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 11:40 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 11:40 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 11:40 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 11:40 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 11:40 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 11:40 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 11:40 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 11:40 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 11:40 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 11:40 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 11:40 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 11:40 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 11:40 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 11:40 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 11:40 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 11:40 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 11:40 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 11:40 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 11:40 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 11:40 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 11:40 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 11:40 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 11:40 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 11:40 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 11:40 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 11:40 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 11:40 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 11:40 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 11:40 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 11:40 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 11:40 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:39 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 11:39 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 11:39 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 11:39 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 11:39 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 11:39 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 11:39 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 11:39 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 11:39 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 11:39 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 11:39 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 11:39 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 11:39 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 11:39 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 11:39 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 11:39 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 11:39 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 11:39 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 11:39 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 11:39 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 11:39 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 11:39 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 11:39 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 11:39 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 11:39 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 11:39 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 11:39 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 11:39 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 11:39 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 11:39 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 11:39 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 11:39 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 11:39 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 11:39 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 11:39 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 11:39 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 11:39 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 11:39 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 11:39 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 11:39 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 11:39 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 11:39 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 11:39 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 11:39 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 11:39 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 11:39 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 11:39 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 11:39 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 11:39 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 11:39 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 11:39 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 11:39 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 11:39 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 11:39 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 11:39 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 11:39 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 11:39 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 11:39 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 11:39 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:39 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 11:39 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 11:39 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 11:39 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-08 08:23 - 2017-04-08 08:23 - 00276008 _____ C:\Windows\Minidump\040817-27580-01.dmp
2017-04-04 08:23 - 2017-04-04 08:22 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-01 18:53 - 2017-04-01 18:53 - 11061478 _____ C:\Users\Phillip\Downloads\Video.MOV
2017-03-31 08:45 - 2017-04-14 19:33 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi.bak
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Temp
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Import
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Images
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Chunks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-24 18:01 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-24 18:01 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-24 17:55 - 2016-11-12 08:34 - 00000000 ___RD C:\Users\Phillip\Dropbox
2017-04-24 17:52 - 2016-11-12 08:31 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-24 17:52 - 2015-12-22 15:31 - 00000000 ____D C:\Windows\Minidump
2017-04-24 17:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-24 17:51 - 2017-02-08 10:00 - 582852329 _____ C:\Windows\MEMORY.DMP
2017-04-24 17:43 - 2016-11-12 08:31 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-23 08:31 - 2016-02-24 18:44 - 00000000 ____D C:\Users\Phillip\AppData\LocalLow\Temp
2017-04-23 08:30 - 2015-11-29 14:20 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-04-21 16:23 - 2009-07-14 01:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-20 18:18 - 2017-03-15 15:18 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-20 18:12 - 2016-11-12 08:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-19 18:35 - 2016-02-18 21:43 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Google
2017-04-19 14:31 - 2010-02-26 09:41 - 00002197 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-18 08:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-17 19:21 - 2015-11-25 18:29 - 00000000 ____D C:\Users\Phillip\AppData\Local\Google
2017-04-17 12:32 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2017-04-17 10:53 - 2016-07-25 05:54 - 00000000 ____D C:\Users\Phillip
2017-04-17 10:51 - 2015-12-03 20:00 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-16 10:20 - 2009-07-29 01:20 - 00000000 ____D C:\Windows\log
2017-04-16 10:06 - 2015-12-03 19:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-16 09:53 - 2016-02-19 22:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-16 09:53 - 2016-02-19 22:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-16 09:53 - 2016-02-19 22:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-16 09:53 - 2010-02-26 10:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-16 09:46 - 2016-12-30 13:28 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-15 18:18 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-15 18:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-15 16:57 - 2017-03-03 18:15 - 00000000 ____D C:\Users\Phillip\Downloads\GrabIt Downloads
2017-04-15 16:50 - 2017-03-03 17:15 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\GrabIt
2017-04-15 16:35 - 2015-11-25 21:48 - 00000000 ____D C:\Users\Phillip\Documents\Calibre Library
2017-04-14 19:33 - 2017-02-26 10:07 - 00000000 ____D C:\Users\Phillip\AppData\Local\Newsbin
2017-04-14 19:33 - 2017-02-26 10:06 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi.old
2017-04-14 19:33 - 2017-02-26 10:06 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi
2017-04-13 10:18 - 2017-02-20 18:34 - 00000985 _____ C:\Users\Phillip\Desktop\GrabIt.lnk
2017-04-13 10:18 - 2017-02-20 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
2017-04-13 10:18 - 2017-02-20 18:34 - 00000000 ____D C:\Program Files (x86)\GrabIt
2017-04-13 08:03 - 2017-01-23 08:46 - 00478752 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-13 07:47 - 2015-11-29 16:54 - 00000000 ____D C:\Windows\system32\MRT
2017-04-13 07:43 - 2015-11-29 16:54 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-13 07:39 - 2015-12-16 22:21 - 00765700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 11:26 - 2017-01-05 10:13 - 00000000 ____D C:\Users\Phillip\Documents\RBC US
2017-04-11 17:35 - 2016-07-28 19:49 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e92ab36a59e7
2017-04-11 17:35 - 2016-07-28 19:49 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e92ab3177dc0
2017-04-04 20:06 - 2016-03-23 07:45 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458733531
2017-04-04 08:22 - 2017-03-15 15:18 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-04 08:22 - 2016-03-23 07:45 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-31 14:11 - 2017-03-03 17:31 - 00000000 ____D C:\Users\Phillip\.pan2
2017-03-31 08:37 - 2017-02-26 10:07 - 00000000 ____D C:\Users\Phillip\Documents\Newsbin
2017-03-29 20:11 - 2015-11-25 20:27 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\calibre

==================== Files in the root of some directories =======

2017-02-20 18:40 - 2017-02-20 18:40 - 0000292 _____ () C:\Users\Phillip\AppData\Local\HamsterBookConverter.cfg
2017-03-03 17:53 - 2017-03-03 17:53 - 0000703 _____ () C:\Users\Phillip\AppData\Local\recently-used.xbel
2010-02-26 09:36 - 2010-02-26 09:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-02-26 09:35 - 2010-02-26 09:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-06 19:07

==================== End of FRST.txt ============================
phillip245

Re: S.pmddBy.com Highjacker

Post by phillip245 » April 24th, 2017, 7:03 pm

mAL: the Addition file is below

Thank You
Phillip

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2017 01
Ran by Phillip (24-04-2017 18:40:50)
Running from C:\Users\Phillip\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-11-25 22:10:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4193585031-2840196977-3773957042-500 - Administrator - Disabled)
Guest (S-1-5-21-4193585031-2840196977-3773957042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4193585031-2840196977-3773957042-1001 - Limited - Enabled)
Phillip (S-1-5-21-4193585031-2840196977-3773957042-1002 - Administrator - Enabled) => C:\Users\Phillip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.36.1260 - eCareme Technologies, Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
calibre (HKLM-x32\...\{8162FB74-BE08-4525-9241-DAB991F90147}) (Version: 2.81.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco VideoGuard Player (HKLM-x32\...\{28c1da00-d362-464b-bdee-90ef5358f8d7}) (Version: 6.8 - Cisco Systems, Inc)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.65 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3509a - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 24.4.16 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.)
GB Manager (HKLM-x32\...\{A67539A1-0696-498F-832E-ACEA50886C80}) (Version: 1.20.0000 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GrabIt 1.7.4 Beta 2 (build 1014) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.24.10-2012-10-10-ash - Alexander Shaduri)
Hamster Free EbookConverter (HKLM-x32\...\{441AC599-200D-4E04-B274-C6B7B50C281D}_is1) (Version: 1.0.0.13 - HamsterSoft)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.18.284 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.14.11 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0120-0409-0000-0000000FF1CE}) (Version: 12.0.6414.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Newsbin for NewsDemon (HKLM\...\Newsbin6) (Version: 6.72 - DJI Interprises, LLC)
Pan (HKLM-x32\...\{99B11F20-86C9-4BD3-8A34-DA4EAE276188}) (Version: 2.1.7 - pan.rebelbase.com)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM-x32\...\{4CCD24F6-8665-457B-8467-2E232F1CC0B4}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.205 - Sonix)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.0 - ASUS)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09272D54-B571-430C-AD41-61C62BAD9DF6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {2B3862ED-DC96-41D0-9BC7-21FD8C40F857} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92ab36a59e7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {3C588659-CB96-428A-9A26-1671A8ECF255} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-12] (Dropbox, Inc.)
Task: {3F2F99A8-B806-4761-8CDD-93259BD63197} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {4E6C1ED0-9CEE-4DA1-8B05-57A87F4E28D2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-12] (Dropbox, Inc.)
Task: {5F94DC91-F97B-4A22-8DA4-3192AB31D3D8} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
Task: {607592B6-301E-4EF2-9211-AEC0148369A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458733531 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {82EF36E8-EE2E-4E54-A8CF-4AB8B57EA287} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92ab3177dc0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {9C4AB184-EE61-4B8F-99BF-229154BB8089} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {A2BA485D-BE18-483C-A0D6-4B490582E44F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {A98A7772-E0DA-4CCB-96AA-9C2C10A5FD5C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {C8F84BE2-F5CB-47D1-9060-E378900630AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {E0FFA851-29E9-4AC6-AE58-B3D96D5394BB} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {F2A3EEC6-ECD7-4614-93F2-0085DF64D3B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {FF4D0B6E-EDB9-4B2E-9E66-6BD9B6DA9534} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2009-11-27 01:29 - 2009-11-27 01:29 - 00148752 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-02-26 09:49 - 2010-02-26 09:49 - 00029968 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3617.20553__0d0f4b69e50e559b\SqliteShared.dll
2010-02-26 09:49 - 2010-02-26 09:49 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-04-19 14:31 - 2017-04-19 01:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll
2017-04-19 14:31 - 2017-04-19 01:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-24 17:55 - 2017-04-24 17:55 - 06021752 _____ () C:\Program Files\AVAST Software\Avast\defs\17042402\algo.dll
2016-06-30 06:57 - 2016-06-30 06:57 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-20 18:12 - 2017-04-17 11:09 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-04-07 18:59 - 2017-03-28 19:54 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-04-07 18:59 - 2017-03-28 19:54 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-04-07 18:59 - 2017-03-28 19:54 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-04-07 18:59 - 2017-04-17 11:13 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-04-07 18:59 - 2017-03-28 19:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-04-07 18:59 - 2017-03-28 19:54 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-04-20 18:12 - 2017-03-28 19:54 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-04-20 18:12 - 2017-03-28 19:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-04-20 18:12 - 2017-03-28 19:54 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-04-07 18:59 - 2017-03-28 19:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-04-07 18:59 - 2017-04-17 11:13 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-04-20 18:12 - 2017-03-28 19:54 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-04-20 18:12 - 2017-03-28 19:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-04-07 18:59 - 2017-04-17 11:13 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-04-07 18:59 - 2017-04-17 11:14 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-04-07 18:59 - 2017-03-28 19:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-04-07 18:59 - 2017-04-17 11:14 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-04-07 18:59 - 2017-03-28 19:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-04-07 18:59 - 2017-04-17 11:14 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-04-07 18:59 - 2017-04-17 11:14 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-04-07 18:59 - 2017-04-17 11:13 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-04-07 18:59 - 2017-04-17 11:14 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-04-07 18:59 - 2017-04-17 11:14 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-04-07 18:59 - 2017-03-28 19:56 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-04-07 18:59 - 2017-04-17 11:14 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-04-20 18:12 - 2017-03-28 19:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-04-20 18:12 - 2017-04-17 11:13 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-04-07 18:59 - 2017-04-17 11:13 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-04-20 18:12 - 2017-03-28 20:00 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-04-20 18:12 - 2017-03-28 20:00 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-04-20 18:12 - 2017-04-17 11:13 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-04-07 18:59 - 2017-04-17 11:14 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-20 18:12 - 2017-04-17 11:13 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-23 08:30 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EeeStorageBackup => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OneDrive => "C:\Users\Phillip\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VideoGuardMonitor => "C:\Users\Phillip\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56DF5966-7ACC-4645-9981-5A87390AD45C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{42661680-E3C0-4708-BA2B-D4EF5EB19E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F05F66FE-4F44-483A-9191-D0F886B96C50}] => (Allow) svchost.exe
FirewallRules: [{D1DADC6F-60AE-4138-997C-AA4B4962F926}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F3F998E9-1A31-4851-815A-7908AA11B8DA}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{DC299F70-D651-4634-80EF-7C6EEFCA2AE4}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{298DB852-C9EB-4843-B7A3-98309AB8BF17}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{C6943E5E-42CA-4A96-AF05-1CD6B7CAF3DF}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{761FE2FE-A851-4339-BFDB-AB92530A68CA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{78F567A9-D3D0-4FD3-A9E8-C5D5C3F0FD6F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

17-04-2017 10:49:29 Checkpoint by HitmanPro
17-04-2017 10:51:03 Checkpoint by HitmanPro
23-04-2017 08:30:16 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2017 11:43:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/24/2017 11:43:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/24/2017 08:20:33 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL" on line 2.
Invalid Xml syntax.

Error: (04/23/2017 01:01:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18639 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1650

Start Time: 01d2bc5325e0a8bb

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/23/2017 01:00:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18639 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b0

Start Time: 01d2bc53067cfdbc

Termination Time: 60

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/23/2017 12:59:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18639 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b24

Start Time: 01d2bc2ea5112119

Termination Time: 50

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/23/2017 08:30:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6e45c5d7-e894-4572-915e-de6de1a184c6}

Error: (04/23/2017 08:21:30 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL" on line 2.
Invalid Xml syntax.

Error: (04/22/2017 10:12:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18639 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6b4

Start Time: 01d2bbc198215e7d

Termination Time: 140

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/22/2017 09:54:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18639, time stamp: 0x58d6bb0d
Faulting module name: MSHTML.dll, version: 11.0.9600.18639, time stamp: 0x58d6c720
Exception code: 0xc0000005
Fault offset: 0x0035a4d2
Faulting process id: 0x1b6c
Faulting application start time: 0x01d2bbd1e849dc0a
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: bf2a3677-27c7-11e7-8ae0-485b3908ab67


System errors:
=============
Error: (04/24/2017 05:52:03 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80012eb290, 0x00000000000003ff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042417-25521-01.

Error: (04/24/2017 12:46:59 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (04/24/2017 12:46:59 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (04/24/2017 08:20:37 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (04/23/2017 09:03:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/23/2017 09:03:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Phillip\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/23/2017 09:03:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/23/2017 09:03:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Phillip\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/23/2017 09:03:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/23/2017 09:03:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Phillip\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
Date: 2017-04-17 12:26:51.726
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-17 12:26:51.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-30 09:50:09.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 09:50:09.133
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 12:02:10.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 12:02:10.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:45:55.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:45:55.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 09:34:14.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 09:34:14.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 65%
Total physical RAM: 3948.54 MB
Available physical RAM: 1378.59 MB
Total Virtual: 7895.27 MB
Available Virtual: 5252.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:35.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:334.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 25th, 2017, 1:54 am

Hi Phillip,

phillip245 wrote:3) I do have the odd time freezing in IE11

I have to go to work now and I will look over your logs when I come back. In the meantime, could you follow the steps in the following article: Basic Troubleshooting Tips for Internet Explorer. Do you see an improvement with IE?
mAL_rEm018
MRU Teacher
 
Posts: 2333
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 27th, 2017, 5:21 am

Hi Phillip,

Do you still need help? It's been more than 48 hours since my last post. If you need more time please let me know, otherwise this topic will be closed due to lack of response in 24 hours.

Thank you for your understanding,

mAL
mAL_rEm018
MRU Teacher
 
Posts: 2333
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 27th, 2017, 9:29 am

mAL I was away for a day but I did go through the IE suggestions, did some of them. Chrome is working a 100% better. If you feel that you are happy, I am happy with all you have done.
I wonder if I should remove any of the logs or you will instruct me on the removal.

Thank You
Phillip
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 28th, 2017, 12:11 am

Hi Phillip,

phillip245 wrote:If you feel that you are happy, I am happy with all you have done.
I wonder if I should remove any of the logs or you will instruct me on the removal.

Yes I will instruct you to remove the tools and logs in my "all clean". We still have a little more work, so please stick with this topic.

Please answer the following question..
  • Are you still experiencing issues with IE?

Please run the following fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll => No File
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll

EmptyTemp:
CreateRestorePoint:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following the instructions?
  • Answer to my question
  • fixlog.txt
mAL_rEm018
MRU Teacher
 
Posts: 2333
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 28th, 2017, 8:20 am

mAL thanks, I did not have any trouble with your instructions.
2) IE is running ok
3) Log is as follows

Thanks
phillip

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Phillip (28-04-2017 08:06:06) Run:2
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available Profiles: Phillip)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Code: Select all
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll => No File
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll

EmptyTemp:
CreateRestorePoint:
*****************

Code: Select all => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} => key removed successfully
HKCR\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} => key not found.
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => moved successfully
Restore point was successfully created.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4271792 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 7904 B
Edge => 0 B
Chrome => 414103689 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Phillip => 21369379 B

RecycleBin => 12367 B
EmptyTemp: => 431.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:07:07 ====
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm
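
A way to triage a fixlog like the one posted above, added here as an example (it is not part of the thread and not FRST's own code): it skips the echoed fixlist, groups each `target => result` line by outcome, and cross-checks the EmptyTemp byte counts against the summary line. The bucket names, the `triage` and `freed_bytes` helpers and the 1 MB = 2**20 bytes conversion are assumptions of this example; the sample is an excerpt of the posted log with zero-byte rows trimmed.

```python
import re
# Constructed sample: excerpt of the fixlog posted above, zero-byte rows trimmed.
SAMPLE = r"""fixlist content:
*****************
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll => No File
EmptyTemp:
*****************
Code: Select all => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} => key removed successfully
HKCR\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} => key not found.
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4271792 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 7904 B
Chrome => 414103689 B
systemprofile => 128 B
Phillip => 21369379 B
RecycleBin => 12367 B
EmptyTemp: => 431.4 MB temporary data Removed.
"""

# Outcome buckets are this example's own labels, not FRST terminology.
# Order matters: the first matching rule wins.
RULES = [
    ("error",   re.compile(r"^Error\b", re.I)),
    ("bytes",   re.compile(r"^\d+ B$")),
    ("absent",  re.compile(r"not found", re.I)),
    ("changed", re.compile(r"successfully|removed", re.I)),
]

def triage(fixlog: str) -> dict:
    """Group 'target => result' lines by outcome, skipping the echoed fixlist."""
    buckets = {}
    in_echo = False
    for line in map(str.strip, fixlog.splitlines()):
        if set(line) == {"*"}:      # a row of asterisks opens/closes the echo
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue                # echoed input and headings are not results
        target, result = line.rsplit(" => ", 1)
        kind = next((k for k, rx in RULES if rx.search(result)), "other")
        buckets.setdefault(kind, []).append((target, result))
    return buckets

def freed_bytes(fixlog: str) -> int:
    """Sum the per-location byte counts reported in the EmptyTemp section."""
    return sum(int(r.split()[0]) for _, r in triage(fixlog).get("bytes", []))
```

Anything landing in the `error` or `other` bucket is what a helper would want to look at first; here the only error is the `Code: Select all` line that was pasted into fixlist.txt along with the script.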

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 28th, 2017, 7:31 pm

Hi Phillip,

I have good news..there are no more signs of malware on your computer. :) Please follow the steps below and then you'll be all set to go.

Removing a program in Windows 7
  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:
    • Adobe Reader 9.1 MUI
  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
Note: you can only remove one program at a time.

To re-install Adobe Reader, please do the following..
  • Click on the following link: Adobe Reader DC.
    Make sure to uncheck all bundled software offers.
  • Select Install Now and save the executable file to your desktop.
  • Right-Click readerdc_en_xa_crd_install.exe and click Run as administrator.
  • Select Next.
  • When the install process is over, select Close.


Let's remove the tools we have been using so far..

To remove Combofix..
  • Open the Start menu.
  • In the search box copy/paste or type the following:
    combofix /uninstall
    
  • Press Enter.

Next..
  • Please download Delfix to your desktop.
  • Right-click on delfix_1.013.exe and select Run as administrator.
  • Check the following boxes:
    • Remove disinfection tools
    • Purge system restore
  • You can now safely remove any tools and/or logs that may remain on your computer.

2017-04-17 12:04 - 2017-04-17 12:04 - 05659609 ____R (Swearware) C:\Users\Phillip\Downloads\ComboFix.exe

A word of caution: Combofix is a very powerful tool that could cause substantial damage to your computer if used incorrectly. Please do not use it in the future, unless you are being asked by a trained helper.

You should also read and get acquainted with the following topic: COMPUTER SECURITY - a short guide to staying safer online , which goes into depth on how to keep your computer secure. I bookmarked it for easy reference and so should you.

I would really appreciate it if you could reply to this post to let me know that you've seen it, so that I can request for this topic to be closed.
mAL_rEm018
MRU Teacher
 
Posts: 2333
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia