Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

S.pmddBy.com Highjacker

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

S.pmddBy.com Highjacker

Unread postby phillip245 » April 16th, 2017, 7:07 pm

HI: My home page will only half load I am being directed to antivirus sites, microsoft fake sites norton sites .I did not go to any. My home page says it is waiting for "s.pmddby.com" never seen this before. Any help with this would be appreciated. I had to delete some of the 2nd scan it was to big it said it was to big I can send it on your reply when needed .

Thank you
Phillip






==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-16 10:19 - 00000888 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EeeStorageBackup => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OneDrive => "C:\Users\Phillip\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VideoGuardMonitor => "C:\Users\Phillip\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56DF5966-7ACC-4645-9981-5A87390AD45C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{42661680-E3C0-4708-BA2B-D4EF5EB19E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F05F66FE-4F44-483A-9191-D0F886B96C50}] => (Allow) svchost.exe
FirewallRules: [{D1DADC6F-60AE-4138-997C-AA4B4962F926}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F3F998E9-1A31-4851-815A-7908AA11B8DA}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{DC299F70-D651-4634-80EF-7C6EEFCA2AE4}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{298DB852-C9EB-4843-B7A3-98309AB8BF17}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{C6943E5E-42CA-4A96-AF05-1CD6B7CAF3DF}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{B165B4D9-D674-4B4E-ADD9-D8FA5EDBBA12}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{51BAAF75-E2E0-4450-9396-7DCD187536EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2017 12:28:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x580a668e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x81c
Faulting application start time: 0x01d2b6ce4c88245b
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: a81b9adf-22c1-11e7-b1b9-485b3908ab67

Error: (04/16/2017 12:27:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/16/2017 10:29:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x580a668e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0xb6c
Faulting application start time: 0x01d2b6bdd2c06947
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 1d4dc602-22b1-11e7-9f70-485b3908ab67

Error: (04/16/2017 10:29:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/16/2017 10:22:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x580a668e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0xb74
Faulting application start time: 0x01d2b6bcca09906d
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 16ba69a7-22b0-11e7-b8ce-485b3908ab67

Error: (04/16/2017 10:22:02 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/16/2017 10:02:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 57.0.2987.133, time stamp: 0x58db385a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1e18
Faulting application start time: 0x01d2b6ba0a2d38f8
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 48c7cd73-22ad-11e7-bffd-485b3908ab67

Error: (04/16/2017 10:00:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 57.0.2987.133, time stamp: 0x58db385a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000002
Faulting process id: 0x1a08
Faulting application start time: 0x01d2b6b9bdc763c9
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: fd25104a-22ac-11e7-bffd-485b3908ab67

Error: (04/16/2017 09:56:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 57.0.2987.133, time stamp: 0x58db385a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x14c8
Faulting application start time: 0x01d2b6b934649158
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 724870e3-22ac-11e7-bffd-485b3908ab67

Error: (04/16/2017 09:54:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 57.0.2987.133, time stamp: 0x58db385a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1068
Faulting application start time: 0x01d2b6b90061ad97
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 3e95e6e7-22ac-11e7-bffd-485b3908ab67


System errors:
=============
Error: (04/16/2017 12:28:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (04/16/2017 10:29:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (04/16/2017 10:27:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (04/16/2017 10:26:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2016-08-30 09:50:09.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 09:50:09.133
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 12:02:10.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 12:02:10.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:45:55.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:45:55.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 09:34:14.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 09:34:14.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-20 17:27:37.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-20 17:27:37.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 66%
Total physical RAM: 3948.54 MB
Available physical RAM: 1331.24 MB
Total Virtual: 7895.27 MB
Available Virtual: 4733.01 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:38.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:334.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-04-2017
Ran by Phillip (administrator) on PHILLIP-PC (16-04-2017 18:40:32)
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available Profiles: Phillip)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ADSMTray] => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28330072 2017-04-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-10-21] ()
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{5ECC4103-727E-46DE-B93F-803ECD7B1A49}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?cobrand=asus.msn.co ... HP&pc=ASU2
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2010-02-26] (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2010-02-26] (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://msn.ca/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-ca?checklang=1&AR=3"
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default [2017-04-16]
CHR Extension: (http://www.theweathernetwork.com/weather/usfl) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidnpjefmpijoekpkaghfgemkkegeepc [2015-11-25]
CHR Extension: (Google Docs) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
CHR Extension: (Google Drive) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-11-25]
CHR Extension: (YouTube) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Adblock Plus) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-25]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-12-10]
CHR Extension: (Protect My Choices) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2017-03-15]
CHR Extension: (Google Hangouts) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Office Online) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-31]
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-22]
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-12] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-04-13] (Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107520 2016-10-21] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-10-21] (Ellora Assets Corp.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-16 18:40 - 2017-04-16 18:41 - 00022793 _____ C:\Users\Phillip\Desktop\FRST.txt
2017-04-16 18:40 - 2017-04-16 18:40 - 00000000 ____D C:\FRST
2017-04-16 18:39 - 2017-04-16 18:39 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-16 18:37 - 2017-04-16 18:37 - 02424320 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2017-04-16 10:24 - 2017-04-16 10:27 - 00260516 _____ C:\Windows\ntbtlog.txt
2017-04-16 09:59 - 2017-04-16 09:59 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-16 09:58 - 2017-04-16 09:58 - 01129376 _____ (Google Inc.) C:\Users\Phillip\Downloads\ChromeSetup.exe
2017-04-16 09:46 - 2017-04-16 09:46 - 00000000 ___HD C:\$AV_ASW
2017-04-16 09:46 - 2017-04-16 09:46 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Browsers
2017-04-15 20:48 - 2017-04-15 20:49 - 00000000 ____D C:\Users\Phillip\Documents\Kindle
2017-04-15 20:47 - 2013-12-15 10:34 - 41929941 _____ C:\Users\Phillip\Documents\STALINGRAD - Victory On The Volga (Images of War) By Nik Cornish ABEE.pdf
2017-04-15 20:35 - 2017-01-29 20:55 - 41441494 ____R C:\Users\Phillip\Documents\Consumer_Reports_New_Car_Buying_Guide_Spring_2017.pdf
2017-04-15 16:50 - 2017-04-15 16:50 - 00000000 ____D C:\Users\Phillip\Downloads\winds of war
2017-04-15 16:48 - 2017-04-15 16:48 - 00000906 _____ C:\Users\Phillip\Desktop\Downloads.lnk
2017-04-15 16:39 - 2017-04-15 17:13 - 00000000 ____D C:\Users\Phillip\.cr3
2017-04-15 16:38 - 2017-04-15 16:39 - 00000000 ____D C:\Users\Phillip\cr3
2017-04-15 16:38 - 2017-04-15 16:38 - 07955398 _____ C:\Users\Phillip\Documents\cr3-win32-qt-opengl-3.3.61.zip
2017-04-15 10:38 - 2017-04-15 10:38 - 02041884 _____ C:\Users\Phillip\Downloads\Shadow Commander_ The Epic Stor - Mike Guardia.epub
2017-04-14 18:55 - 2017-04-14 18:55 - 01581245 _____ C:\Users\Phillip\Documents\duplicates.dupeguru
2017-04-14 16:54 - 2017-04-14 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-14 10:09 - 2017-04-14 10:29 - 00000000 ____D C:\Users\Phillip\Documents\Phillips library
2017-04-14 09:39 - 2017-04-14 09:39 - 00001098 _____ C:\Users\Public\Desktop\dupeGuru.lnk
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\Users\Phillip\AppData\Local\Hardcoded Software
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dupeGuru
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\Program Files\Hardcoded Software
2017-04-14 09:35 - 2017-04-14 09:36 - 17460736 _____ C:\Users\Phillip\Downloads\dupeguru_win64_3.9.1.msi
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\IsolatedStorage
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\DigitalVolcano
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-04-14 08:15 - 2017-04-14 08:15 - 13391688 _____ (DigitalVolcano Software Ltd) C:\Users\Phillip\Downloads\DuplicateCleanerPro4_setup.exe
2017-04-13 21:57 - 2017-04-13 21:57 - 00001018 _____ C:\Users\Public\Desktop\WinMerge.lnk
2017-04-13 21:57 - 2017-04-13 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2017-04-13 21:56 - 2017-04-13 21:57 - 00000000 ____D C:\Program Files (x86)\WinMerge
2017-04-13 21:52 - 2017-04-13 21:52 - 06433055 _____ (hxxp://winmerge.org ) C:\Users\Phillip\Downloads\WinMerge-2.14.0-Setup.exe
2017-04-13 21:41 - 2017-04-13 21:41 - 00000000 ____D C:\Users\Phillip\Downloads\duplicate_files_deleter
2017-04-13 21:04 - 2017-04-13 21:04 - 00000000 ____D C:\Program Files\WinPcap
2017-04-13 21:03 - 2017-04-13 21:07 - 00000000 ____D C:\Users\Phillip\Documents\Freemake
2017-04-13 21:03 - 2017-04-13 21:04 - 00000000 ____D C:\ProgramData\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-04-13 21:00 - 2017-04-13 21:01 - 18796032 _____ ( ) C:\Users\Phillip\Downloads\FreemakeVideoDownloaderFull.exe
2017-04-13 19:22 - 2017-04-13 19:22 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-13 10:20 - 2017-04-13 10:20 - 63918174 _____ C:\Users\Phillip\Downloads\Blossoms in the Wind The Human Legacy of the Kamikaze.pdf
2017-04-12 11:40 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 11:40 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 11:40 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 11:40 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 11:40 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 11:40 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 11:40 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 11:40 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 11:40 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 11:40 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 11:40 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 11:40 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 11:40 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 11:40 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 11:40 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 11:40 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 11:40 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 11:40 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 11:40 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 11:40 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 11:40 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 11:40 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 11:40 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 11:40 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 11:40 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 11:40 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 11:40 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 11:40 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 11:40 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 11:40 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 11:40 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 11:40 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 11:40 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 11:40 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 11:40 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 11:40 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 11:40 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 11:40 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 11:40 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 11:40 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 11:40 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 11:40 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 11:40 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 11:40 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 11:40 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 11:40 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 11:40 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 11:40 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 11:40 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 11:40 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 11:40 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 11:40 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 11:40 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 11:40 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 11:40 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 11:40 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 11:40 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 11:40 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:39 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 11:39 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 11:39 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 11:39 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 11:39 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 11:39 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 11:39 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 11:39 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 11:39 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 11:39 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 11:39 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 11:39 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 11:39 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 11:39 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 11:39 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 11:39 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 11:39 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 11:39 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 11:39 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 11:39 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 11:39 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 11:39 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 11:39 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 11:39 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 11:39 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 11:39 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 11:39 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 11:39 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 11:39 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 11:39 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 11:39 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 11:39 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 11:39 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 11:39 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 11:39 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 11:39 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 11:39 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 11:39 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 11:39 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 11:39 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 11:39 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 11:39 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 11:39 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 11:39 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 11:39 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 11:39 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 11:39 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 11:39 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 11:39 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 11:39 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 11:39 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 11:39 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 11:39 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 11:39 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 11:39 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 11:39 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 11:39 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 11:39 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 11:39 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:39 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 11:39 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 11:39 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 11:39 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-08 08:23 - 2017-04-08 08:23 - 00276008 _____ C:\Windows\Minidump\040817-27580-01.dmp
2017-04-04 08:23 - 2017-04-04 08:22 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-01 18:53 - 2017-04-01 18:53 - 11061478 _____ C:\Users\Phillip\Downloads\Video.MOV
2017-03-31 08:45 - 2017-04-14 19:33 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi.bak
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Temp
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Import
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Images
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Chunks
2017-03-21 23:57 - 2017-03-21 23:57 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-21 23:57 - 2017-03-21 23:57 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-21 23:57 - 2017-03-21 23:57 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2017-03-17 19:39 - 2017-03-17 19:39 - 05938019 _____ C:\Users\Phillip\Downloads\trim.57193474-49F3-4963-A74B-0B600958D0BA.MOV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-16 17:43 - 2016-11-12 08:31 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-16 12:35 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-16 12:35 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-16 12:29 - 2016-11-12 08:34 - 00000000 ___RD C:\Users\Phillip\Dropbox
2017-04-16 12:27 - 2016-11-12 08:31 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-16 12:27 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-16 10:20 - 2009-07-29 01:20 - 00000000 ____D C:\Windows\log
2017-04-16 10:19 - 2016-07-25 05:54 - 00000000 ____D C:\Users\Phillip
2017-04-16 10:06 - 2015-12-03 19:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-16 09:59 - 2010-02-26 09:41 - 00002273 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-16 09:53 - 2016-02-19 22:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-16 09:53 - 2016-02-19 22:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-16 09:53 - 2016-02-19 22:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-16 09:53 - 2010-02-26 10:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-16 09:46 - 2016-12-30 13:28 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-15 18:18 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-15 18:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-15 16:57 - 2017-03-03 18:15 - 00000000 ____D C:\Users\Phillip\Downloads\GrabIt Downloads
2017-04-15 16:50 - 2017-03-03 17:15 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\GrabIt
2017-04-15 16:35 - 2015-11-25 21:48 - 00000000 ____D C:\Users\Phillip\Documents\Calibre Library
2017-04-14 19:33 - 2017-02-26 10:07 - 00000000 ____D C:\Users\Phillip\AppData\Local\Newsbin
2017-04-14 19:33 - 2017-02-26 10:06 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi.old
2017-04-14 19:33 - 2017-02-26 10:06 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi
2017-04-14 16:54 - 2016-11-12 08:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-13 10:18 - 2017-02-20 18:34 - 00000985 _____ C:\Users\Phillip\Desktop\GrabIt.lnk
2017-04-13 10:18 - 2017-02-20 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
2017-04-13 10:18 - 2017-02-20 18:34 - 00000000 ____D C:\Program Files (x86)\GrabIt
2017-04-13 08:03 - 2017-01-23 08:46 - 00478752 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-13 07:47 - 2015-11-29 16:54 - 00000000 ____D C:\Windows\system32\MRT
2017-04-13 07:43 - 2015-11-29 16:54 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-13 07:39 - 2015-12-16 22:21 - 00765700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 11:26 - 2017-01-05 10:13 - 00000000 ____D C:\Users\Phillip\Documents\RBC US
2017-04-11 17:35 - 2016-07-28 19:49 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e92ab36a59e7
2017-04-11 17:35 - 2016-07-28 19:49 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e92ab3177dc0
2017-04-08 08:23 - 2017-02-08 10:00 - 514002665 _____ C:\Windows\MEMORY.DMP
2017-04-08 08:23 - 2015-12-22 15:31 - 00000000 ____D C:\Windows\Minidump
2017-04-08 08:09 - 2017-03-15 15:18 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-04 20:06 - 2016-03-23 07:45 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458733531
2017-04-04 08:22 - 2017-03-15 15:18 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-04 08:22 - 2016-03-23 07:45 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-31 14:11 - 2017-03-03 17:31 - 00000000 ____D C:\Users\Phillip\.pan2
2017-03-31 08:37 - 2017-02-26 10:07 - 00000000 ____D C:\Users\Phillip\Documents\Newsbin
2017-03-29 20:11 - 2015-11-25 20:27 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\calibre
2017-03-24 13:17 - 2016-02-29 09:53 - 00000000 ____D C:\Program Files (x86)\Coupons

==================== Files in the root of some directories =======

2017-02-20 18:40 - 2017-02-20 18:40 - 0000292 _____ () C:\Users\Phillip\AppData\Local\HamsterBookConverter.cfg
2017-03-03 17:53 - 2017-03-03 17:53 - 0000703 _____ () C:\Users\Phillip\AppData\Local\recently-used.xbel
2010-02-26 09:56 - 2009-09-10 13:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-02-26 09:36 - 2010-02-26 09:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-02-26 09:35 - 2010-02-26 09:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
2017-04-14 22:21 - 2015-12-21 18:13 - 11323704 _____ (SurfRight B.V.) C:\Users\Phillip\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-06 19:07

==================== End of FRST.txt ============================
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm
Advertisement
Register to Remove

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 19th, 2017, 5:46 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello phillip245,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

Before proceeding any further, please read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.

Now, let's get to work! :)

The "Addition.txt" log you posted is incomplete. Please re-post it in your next reply.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 19th, 2017, 8:52 am

mal thanks for the quick reply on my problem. I have tried a few different things that my friends have suggested. the logs I have sent you may be out of date now. I wonder if I should send you new logs. the redirect seems to happens only in chrome. I am using IE to reply to you now. The two files were to big to send together ,if I am asked to send files that are to big can I send them separately to you. I have run hitman Pro, combo fix after this file was done, I hope that your time looking at the first file has not been a waste of your time.

Thank You
Phillip

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2017
Ran by Phillip (16-04-2017 18:42:25)
Running from C:\Users\Phillip\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-11-25 22:10:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4193585031-2840196977-3773957042-500 - Administrator - Disabled)
Guest (S-1-5-21-4193585031-2840196977-3773957042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4193585031-2840196977-3773957042-1001 - Limited - Enabled)
Phillip (S-1-5-21-4193585031-2840196977-3773957042-1002 - Administrator - Enabled) => C:\Users\Phillip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.36.1260 - eCareme Technologies, Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
calibre (HKLM-x32\...\{8162FB74-BE08-4525-9241-DAB991F90147}) (Version: 2.81.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco VideoGuard Player (HKLM-x32\...\{28c1da00-d362-464b-bdee-90ef5358f8d7}) (Version: 6.8 - Cisco Systems, Inc)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.65 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3509a - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 23.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
GB Manager (HKLM-x32\...\{A67539A1-0696-498F-832E-ACEA50886C80}) (Version: 1.20.0000 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GrabIt 1.7.4 Beta 2 (build 1014) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.24.10-2012-10-10-ash - Alexander Shaduri)
Hamster Free EbookConverter (HKLM-x32\...\{441AC599-200D-4E04-B274-C6B7B50C281D}_is1) (Version: 1.0.0.13 - HamsterSoft)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.14.11 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0120-0409-0000-0000000FF1CE}) (Version: 12.0.6414.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Newsbin for NewsDemon (HKLM\...\Newsbin6) (Version: 6.72 - DJI Interprises, LLC)
Pan (HKLM-x32\...\{99B11F20-86C9-4BD3-8A34-DA4EAE276188}) (Version: 2.1.7 - pan.rebelbase.com)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM-x32\...\{4CCD24F6-8665-457B-8467-2E232F1CC0B4}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.205 - Sonix)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.0 - ASUS)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F0A926-339E-4DF3-B9C6-230D076AEE56} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {09272D54-B571-430C-AD41-61C62BAD9DF6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {2B3862ED-DC96-41D0-9BC7-21FD8C40F857} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92ab36a59e7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3C588659-CB96-428A-9A26-1671A8ECF255} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-12] (Dropbox, Inc.)
Task: {3F2F99A8-B806-4761-8CDD-93259BD63197} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {4E6C1ED0-9CEE-4DA1-8B05-57A87F4E28D2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-12] (Dropbox, Inc.)
Task: {5F94DC91-F97B-4A22-8DA4-3192AB31D3D8} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
Task: {607592B6-301E-4EF2-9211-AEC0148369A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458733531 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {82EF36E8-EE2E-4E54-A8CF-4AB8B57EA287} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92ab3177dc0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {9C4AB184-EE61-4B8F-99BF-229154BB8089} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {A2BA485D-BE18-483C-A0D6-4B490582E44F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {A98A7772-E0DA-4CCB-96AA-9C2C10A5FD5C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C8F84BE2-F5CB-47D1-9060-E378900630AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E0FFA851-29E9-4AC6-AE58-B3D96D5394BB} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {E2792AB7-9482-4691-A28C-967800B9696D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4193585031-2840196977-3773957042-1002
Task: {EEE8E8CC-380D-4DFF-A11C-028A72A43E28} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {F2A3EEC6-ECD7-4614-93F2-0085DF64D3B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FF4D0B6E-EDB9-4B2E-9E66-6BD9B6DA9534} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2009-11-27 01:29 - 2009-11-27 01:29 - 00148752 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-02-26 09:49 - 2010-02-26 09:49 - 00029968 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3617.20553__0d0f4b69e50e559b\SqliteShared.dll
2010-02-26 09:49 - 2010-02-26 09:49 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2017-04-13 21:03 - 2016-10-21 22:07 - 00075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2017-04-04 08:22 - 2017-04-04 08:22 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-03-29 17:16 - 2017-03-29 04:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-03-29 17:16 - 2017-03-29 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-16 08:28 - 2017-04-16 08:28 - 05917184 _____ () C:\Program Files\AVAST Software\Avast\defs\17041600\algo.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-06-30 06:57 - 2016-06-30 06:57 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-14 16:53 - 2017-04-13 19:30 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-04-07 18:59 - 2017-03-20 14:10 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-04-07 18:59 - 2017-03-20 14:10 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-04-07 18:59 - 2017-03-20 14:10 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-04-07 18:59 - 2017-03-20 14:11 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-04-07 18:59 - 2017-03-20 14:10 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-04-14 16:53 - 2017-03-20 14:10 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-04-14 16:53 - 2017-03-20 14:11 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-04-14 16:53 - 2017-03-20 14:10 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-04-07 18:59 - 2017-03-20 14:13 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-04-14 16:53 - 2017-03-20 14:10 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-04-14 16:53 - 2017-03-20 14:13 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-04-07 18:59 - 2017-03-20 14:12 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-04-07 18:59 - 2017-03-20 14:11 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-04-14 16:53 - 2017-04-13 19:34 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-04-14 16:53 - 2017-03-20 14:08 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-04-14 16:53 - 2017-04-13 19:33 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-04-07 18:59 - 2017-04-13 19:34 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-04-14 16:53 - 2017-03-20 14:17 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-04-14 16:53 - 2017-03-20 14:17 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-04-14 16:53 - 2017-04-13 19:33 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-16 10:19 - 00000888 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EeeStorageBackup => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OneDrive => "C:\Users\Phillip\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VideoGuardMonitor => "C:\Users\Phillip\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56DF5966-7ACC-4645-9981-5A87390AD45C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{42661680-E3C0-4708-BA2B-D4EF5EB19E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F05F66FE-4F44-483A-9191-D0F886B96C50}] => (Allow) svchost.exe
FirewallRules: [{D1DADC6F-60AE-4138-997C-AA4B4962F926}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F3F998E9-1A31-4851-815A-7908AA11B8DA}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{DC299F70-D651-4634-80EF-7C6EEFCA2AE4}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{298DB852-C9EB-4843-B7A3-98309AB8BF17}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{C6943E5E-42CA-4A96-AF05-1CD6B7CAF3DF}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{B165B4D9-D674-4B4E-ADD9-D8FA5EDBBA12}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{51BAAF75-E2E0-4450-9396-7DCD187536EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2017 12:28:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x580a668e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x81c
Faulting application start time: 0x01d2b6ce4c88245b
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: a81b9adf-22c1-11e7-b1b9-485b3908ab67

Error: (04/16/2017 12:27:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/16/2017 10:29:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x580a668e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0xb6c
Faulting application start time: 0x01d2b6bdd2c06947
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 1d4dc602-22b1-11e7-9f70-485b3908ab67

Error: (04/16/2017 10:29:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/16/2017 10:22:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x580a668e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0xb74
Faulting application start time: 0x01d2b6bcca09906d
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 16ba69a7-22b0-11e7-b8ce-485b3908ab67

Error: (04/16/2017 10:22:02 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/16/2017 10:02:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 57.0.2987.133, time stamp: 0x58db385a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1e18
Faulting application start time: 0x01d2b6ba0a2d38f8
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 48c7cd73-22ad-11e7-bffd-485b3908ab67

Error: (04/16/2017 10:00:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 57.0.2987.133, time stamp: 0x58db385a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000002
Faulting process id: 0x1a08
Faulting application start time: 0x01d2b6b9bdc763c9
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: fd25104a-22ac-11e7-bffd-485b3908ab67

Error: (04/16/2017 09:56:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 57.0.2987.133, time stamp: 0x58db385a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x14c8
Faulting application start time: 0x01d2b6b934649158
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 724870e3-22ac-11e7-bffd-485b3908ab67

Error: (04/16/2017 09:54:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 57.0.2987.133, time stamp: 0x58db385a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1068
Faulting application start time: 0x01d2b6b90061ad97
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 3e95e6e7-22ac-11e7-bffd-485b3908ab67


System errors:
=============
Error: (04/16/2017 12:28:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (04/16/2017 10:29:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (04/16/2017 10:27:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (04/16/2017 10:26:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 10:25:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2016-08-30 09:50:09.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 09:50:09.133
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 12:02:10.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 12:02:10.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:45:55.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:45:55.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 09:34:14.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 09:34:14.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-20 17:27:37.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-20 17:27:37.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 66%
Total physical RAM: 3948.54 MB
Available physical RAM: 1331.24 MB
Total Virtual: 7895.27 MB
Available Virtual: 4733.01 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:38.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:334.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 19th, 2017, 1:22 pm

Hi Phillip,

phillip245 wrote:The two files were to big to send together ,if I am asked to send files that are to big can I send them separately to you

Yes, now that I've replied to your topic you can post each log seperately. If a log doesn't fit in one post, then you will have to seperate it into sections and after make sure that you posted everything.

phillip245 wrote:I have tried a few different things that my friends have suggested. the logs I have sent you may be out of date now.

Thank you for letting me know. I will ask that while we work together you refrain from running tools other than those I specify. I ask this for the safety of your computer.

phillip245 wrote:I wonder if I should send you new logs.

Yes, please post a fresh set of FRST logs and we'll go from there. :)

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 19th, 2017, 2:29 pm

mAL thank you for your patience here is the file

Thank you
Phillip

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by Phillip (administrator) on PHILLIP-PC (19-04-2017 14:23:27)
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available Profiles: Phillip)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_148_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ADSMTray] => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28330072 2017-04-13] (Dropbox, Inc.)
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-04-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{5ECC4103-727E-46DE-B93F-803ECD7B1A49}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-ca?checklang=1
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2010-02-26] (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2010-02-26] (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://msn.ca/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-ca?checklang=1"
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (http://www.theweathernetwork.com/weather/usfl) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidnpjefmpijoekpkaghfgemkkegeepc [2015-11-25]
CHR Extension: (Google Docs) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
CHR Extension: (Google Drive) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-11-25]
CHR Extension: (YouTube) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Adblock Plus) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-25]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-12-10]
CHR Extension: (Protect My Choices) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2017-03-15]
CHR Extension: (Google Hangouts) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Office Online) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-31]
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-22]
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-12] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-04-13] (Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107520 2016-10-21] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-10-21] (Ellora Assets Corp.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-04-17] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 14:23 - 2017-04-19 14:23 - 00022868 _____ C:\Users\Phillip\Desktop\FRST.txt
2017-04-19 14:23 - 2017-04-19 14:23 - 00000000 ____D C:\Users\Phillip\Desktop\FRST-OlderVersion
2017-04-19 14:15 - 2017-04-19 14:15 - 00276008 _____ C:\Windows\Minidump\041917-21528-01.dmp
2017-04-19 14:05 - 2017-04-19 14:05 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-19 09:39 - 2017-04-19 09:39 - 00000000 ____D C:\Users\Phillip\AppData\LocalLow\Adobe
2017-04-18 08:56 - 2017-04-18 08:56 - 05774688 _____ (Zemana Ltd. ) C:\Users\Phillip\Downloads\Zemana.AntiMalware.Setup.exe
2017-04-17 13:06 - 2017-04-17 13:06 - 00035040 _____ C:\Users\Phillip\Desktop\combo 1.txt
2017-04-17 12:39 - 2017-04-17 12:39 - 00035034 _____ C:\ComboFix.txt
2017-04-17 12:39 - 2017-04-17 12:39 - 00016712 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2017-04-17 12:12 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-17 12:12 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-17 12:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-17 12:08 - 2017-04-17 12:39 - 00000000 ____D C:\Qoobox
2017-04-17 12:08 - 2017-04-17 12:36 - 00000000 ____D C:\Windows\erdnt
2017-04-17 12:04 - 2017-04-17 12:04 - 05659609 ____R (Swearware) C:\Users\Phillip\Downloads\ComboFix.exe
2017-04-17 10:53 - 2017-04-17 10:53 - 00284232 _____ C:\Windows\Minidump\041717-16068-01.dmp
2017-04-17 10:53 - 2017-04-17 10:53 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-04-17 10:51 - 2017-04-17 10:51 - 00004976 _____ C:\Windows\system32\.crusader
2017-04-17 10:42 - 2017-04-17 10:42 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-04-17 10:42 - 2017-04-17 10:42 - 00000000 ____D C:\Program Files\HitmanPro
2017-04-17 10:41 - 2017-04-17 10:41 - 11583584 _____ (SurfRight B.V.) C:\Users\Phillip\Downloads\HitmanPro_x64.exe
2017-04-17 10:23 - 2017-04-17 10:26 - 00703604 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_10.23.41_log.txt
2017-04-17 10:20 - 2017-04-17 10:22 - 00203046 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_10.20.53_log.txt
2017-04-17 09:22 - 2017-04-17 10:30 - 00002590 _____ C:\Users\Phillip\Desktop\Rkill.txt
2017-04-17 09:22 - 2017-04-17 09:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Phillip\Downloads\rkill.exe
2017-04-17 09:16 - 2017-04-17 09:19 - 00202880 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_09.16.55_log.txt
2017-04-17 09:15 - 2017-04-17 09:15 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Phillip\Downloads\tdsskiller.exe
2017-04-16 19:13 - 2017-04-16 19:13 - 00045401 _____ C:\Users\Phillip\Desktop\Number 2 scan.txt
2017-04-16 18:40 - 2017-04-19 14:23 - 00000000 ____D C:\FRST
2017-04-16 18:37 - 2017-04-19 14:23 - 02424832 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2017-04-16 10:24 - 2017-04-16 10:27 - 00260516 _____ C:\Windows\ntbtlog.txt
2017-04-16 09:59 - 2017-04-16 09:59 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-16 09:58 - 2017-04-16 09:58 - 01129376 _____ (Google Inc.) C:\Users\Phillip\Downloads\ChromeSetup.exe
2017-04-16 09:46 - 2017-04-16 09:46 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Browsers
2017-04-16 09:46 - 2017-04-16 09:46 - 00000000 ____D C:\$AV_ASW
2017-04-15 20:48 - 2017-04-15 20:49 - 00000000 ____D C:\Users\Phillip\Documents\Kindle
2017-04-15 20:47 - 2013-12-15 10:34 - 41929941 _____ C:\Users\Phillip\Documents\STALINGRAD - Victory On The Volga (Images of War) By Nik Cornish ABEE.pdf
2017-04-15 20:35 - 2017-01-29 20:55 - 41441494 ____R C:\Users\Phillip\Documents\Consumer_Reports_New_Car_Buying_Guide_Spring_2017.pdf
2017-04-15 16:50 - 2017-04-15 16:50 - 00000000 ____D C:\Users\Phillip\Downloads\winds of war
2017-04-15 16:48 - 2017-04-15 16:48 - 00000906 _____ C:\Users\Phillip\Desktop\Downloads.lnk
2017-04-15 16:39 - 2017-04-15 17:13 - 00000000 ____D C:\Users\Phillip\.cr3
2017-04-15 16:38 - 2017-04-15 16:39 - 00000000 ____D C:\Users\Phillip\cr3
2017-04-15 16:38 - 2017-04-15 16:38 - 07955398 _____ C:\Users\Phillip\Documents\cr3-win32-qt-opengl-3.3.61.zip
2017-04-15 10:38 - 2017-04-15 10:38 - 02041884 _____ C:\Users\Phillip\Downloads\Shadow Commander_ The Epic Stor - Mike Guardia.epub
2017-04-14 18:55 - 2017-04-14 18:55 - 01581245 _____ C:\Users\Phillip\Documents\duplicates.dupeguru
2017-04-14 16:54 - 2017-04-14 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-14 10:09 - 2017-04-14 10:29 - 00000000 ____D C:\Users\Phillip\Documents\Phillips library
2017-04-14 09:39 - 2017-04-14 09:39 - 00001098 _____ C:\Users\Public\Desktop\dupeGuru.lnk
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\Users\Phillip\AppData\Local\Hardcoded Software
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dupeGuru
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\Program Files\Hardcoded Software
2017-04-14 09:35 - 2017-04-14 09:36 - 17460736 _____ C:\Users\Phillip\Downloads\dupeguru_win64_3.9.1.msi
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\IsolatedStorage
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\DigitalVolcano
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-04-14 08:15 - 2017-04-14 08:15 - 13391688 _____ (DigitalVolcano Software Ltd) C:\Users\Phillip\Downloads\DuplicateCleanerPro4_setup.exe
2017-04-13 21:57 - 2017-04-13 21:57 - 00001018 _____ C:\Users\Public\Desktop\WinMerge.lnk
2017-04-13 21:57 - 2017-04-13 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2017-04-13 21:56 - 2017-04-13 21:57 - 00000000 ____D C:\Program Files (x86)\WinMerge
2017-04-13 21:52 - 2017-04-13 21:52 - 06433055 _____ (hxxp://winmerge.org ) C:\Users\Phillip\Downloads\WinMerge-2.14.0-Setup.exe
2017-04-13 21:41 - 2017-04-13 21:41 - 00000000 ____D C:\Users\Phillip\Downloads\duplicate_files_deleter
2017-04-13 21:04 - 2017-04-13 21:04 - 00000000 ____D C:\Program Files\WinPcap
2017-04-13 21:03 - 2017-04-13 21:07 - 00000000 ____D C:\Users\Phillip\Documents\Freemake
2017-04-13 21:03 - 2017-04-13 21:04 - 00000000 ____D C:\ProgramData\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\Desktop\Freemake Shared
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-04-13 21:00 - 2017-04-13 21:01 - 18796032 _____ ( ) C:\Users\Phillip\Downloads\FreemakeVideoDownloaderFull.exe
2017-04-13 19:22 - 2017-04-13 19:22 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-13 10:20 - 2017-04-13 10:20 - 63918174 _____ C:\Users\Phillip\Downloads\Blossoms in the Wind The Human Legacy of the Kamikaze.pdf
2017-04-12 11:40 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 11:40 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 11:40 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 11:40 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 11:40 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 11:40 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 11:40 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 11:40 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 11:40 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 11:40 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 11:40 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 11:40 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 11:40 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 11:40 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 11:40 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 11:40 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 11:40 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 11:40 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 11:40 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 11:40 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 11:40 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 11:40 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 11:40 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 11:40 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 11:40 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 11:40 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 11:40 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 11:40 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 11:40 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 11:40 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 11:40 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 11:40 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 11:40 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 11:40 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 11:40 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 11:40 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 11:40 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 11:40 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 11:40 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 11:40 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 11:40 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 11:40 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 11:40 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 11:40 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 11:40 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 11:40 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 11:40 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 11:40 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 11:40 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 11:40 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 11:40 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 11:40 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 11:40 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 11:40 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 11:40 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 11:40 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 11:40 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 11:40 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:39 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 11:39 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 11:39 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 11:39 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 11:39 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 11:39 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 11:39 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 11:39 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 11:39 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 11:39 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 11:39 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 11:39 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 11:39 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 11:39 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 11:39 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 11:39 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 11:39 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 11:39 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 11:39 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 11:39 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 11:39 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 11:39 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 11:39 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 11:39 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 11:39 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 11:39 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 11:39 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 11:39 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 11:39 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 11:39 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 11:39 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 11:39 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 11:39 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 11:39 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 11:39 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 11:39 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 11:39 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 11:39 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 11:39 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 11:39 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 11:39 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 11:39 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 11:39 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 11:39 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 11:39 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 11:39 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 11:39 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 11:39 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 11:39 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 11:39 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 11:39 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 11:39 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 11:39 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 11:39 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 11:39 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 11:39 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 11:39 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 11:39 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 11:39 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:39 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 11:39 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 11:39 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 11:39 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-08 08:23 - 2017-04-08 08:23 - 00276008 _____ C:\Windows\Minidump\040817-27580-01.dmp
2017-04-04 08:23 - 2017-04-04 08:22 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-01 18:53 - 2017-04-01 18:53 - 11061478 _____ C:\Users\Phillip\Downloads\Video.MOV
2017-03-31 08:45 - 2017-04-14 19:33 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi.bak
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Temp
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Import
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Images
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Chunks
2017-03-21 23:57 - 2017-03-21 23:57 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-21 23:57 - 2017-03-21 23:57 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-21 23:57 - 2017-03-21 23:57 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 14:19 - 2016-11-12 08:34 - 00000000 ___RD C:\Users\Phillip\Dropbox
2017-04-19 14:16 - 2016-11-12 08:31 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-19 14:15 - 2017-02-08 10:00 - 523685609 _____ C:\Windows\MEMORY.DMP
2017-04-19 14:15 - 2015-12-22 15:31 - 00000000 ____D C:\Windows\Minidump
2017-04-19 14:15 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 13:00 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-19 13:00 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-19 09:43 - 2016-11-12 08:31 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-18 08:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-17 19:21 - 2015-11-25 18:29 - 00000000 ____D C:\Users\Phillip\AppData\Local\Google
2017-04-17 12:32 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2017-04-17 10:53 - 2016-07-25 05:54 - 00000000 ____D C:\Users\Phillip
2017-04-17 10:51 - 2015-12-03 20:00 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-16 10:20 - 2009-07-29 01:20 - 00000000 ____D C:\Windows\log
2017-04-16 10:06 - 2015-12-03 19:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-16 09:59 - 2010-02-26 09:41 - 00002273 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-16 09:53 - 2016-02-19 22:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-16 09:53 - 2016-02-19 22:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-16 09:53 - 2016-02-19 22:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-16 09:53 - 2010-02-26 10:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-16 09:46 - 2016-12-30 13:28 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-15 18:18 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-15 18:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-15 16:57 - 2017-03-03 18:15 - 00000000 ____D C:\Users\Phillip\Downloads\GrabIt Downloads
2017-04-15 16:50 - 2017-03-03 17:15 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\GrabIt
2017-04-15 16:35 - 2015-11-25 21:48 - 00000000 ____D C:\Users\Phillip\Documents\Calibre Library
2017-04-14 19:33 - 2017-02-26 10:07 - 00000000 ____D C:\Users\Phillip\AppData\Local\Newsbin
2017-04-14 19:33 - 2017-02-26 10:06 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi.old
2017-04-14 19:33 - 2017-02-26 10:06 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi
2017-04-14 16:54 - 2016-11-12 08:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-13 10:18 - 2017-02-20 18:34 - 00000985 _____ C:\Users\Phillip\Desktop\GrabIt.lnk
2017-04-13 10:18 - 2017-02-20 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
2017-04-13 10:18 - 2017-02-20 18:34 - 00000000 ____D C:\Program Files (x86)\GrabIt
2017-04-13 08:03 - 2017-01-23 08:46 - 00478752 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-13 07:47 - 2015-11-29 16:54 - 00000000 ____D C:\Windows\system32\MRT
2017-04-13 07:43 - 2015-11-29 16:54 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-13 07:39 - 2015-12-16 22:21 - 00765700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 11:26 - 2017-01-05 10:13 - 00000000 ____D C:\Users\Phillip\Documents\RBC US
2017-04-11 17:35 - 2016-07-28 19:49 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e92ab36a59e7
2017-04-11 17:35 - 2016-07-28 19:49 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e92ab3177dc0
2017-04-08 08:09 - 2017-03-15 15:18 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-04 20:06 - 2016-03-23 07:45 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458733531
2017-04-04 08:22 - 2017-03-15 15:18 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-04 08:22 - 2016-03-23 07:45 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-31 14:11 - 2017-03-03 17:31 - 00000000 ____D C:\Users\Phillip\.pan2
2017-03-31 08:37 - 2017-02-26 10:07 - 00000000 ____D C:\Users\Phillip\Documents\Newsbin
2017-03-29 20:11 - 2015-11-25 20:27 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\calibre

==================== Files in the root of some directories =======

2017-02-20 18:40 - 2017-02-20 18:40 - 0000292 _____ () C:\Users\Phillip\AppData\Local\HamsterBookConverter.cfg
2017-03-03 17:53 - 2017-03-03 17:53 - 0000703 _____ () C:\Users\Phillip\AppData\Local\recently-used.xbel
2010-02-26 09:56 - 2009-09-10 13:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-02-26 09:36 - 2010-02-26 09:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-02-26 09:35 - 2010-02-26 09:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-06 19:07

==================== End of FRST.txt ============================
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 19th, 2017, 2:30 pm

mAL here is the addition

Thank You
Phillip

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by Phillip (19-04-2017 14:24:35)
Running from C:\Users\Phillip\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-11-25 22:10:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4193585031-2840196977-3773957042-500 - Administrator - Disabled)
Guest (S-1-5-21-4193585031-2840196977-3773957042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4193585031-2840196977-3773957042-1001 - Limited - Enabled)
Phillip (S-1-5-21-4193585031-2840196977-3773957042-1002 - Administrator - Enabled) => C:\Users\Phillip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.36.1260 - eCareme Technologies, Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
calibre (HKLM-x32\...\{8162FB74-BE08-4525-9241-DAB991F90147}) (Version: 2.81.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco VideoGuard Player (HKLM-x32\...\{28c1da00-d362-464b-bdee-90ef5358f8d7}) (Version: 6.8 - Cisco Systems, Inc)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.65 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3509a - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 23.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
GB Manager (HKLM-x32\...\{A67539A1-0696-498F-832E-ACEA50886C80}) (Version: 1.20.0000 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GrabIt 1.7.4 Beta 2 (build 1014) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.24.10-2012-10-10-ash - Alexander Shaduri)
Hamster Free EbookConverter (HKLM-x32\...\{441AC599-200D-4E04-B274-C6B7B50C281D}_is1) (Version: 1.0.0.13 - HamsterSoft)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.18.284 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.14.11 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0120-0409-0000-0000000FF1CE}) (Version: 12.0.6414.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Newsbin for NewsDemon (HKLM\...\Newsbin6) (Version: 6.72 - DJI Interprises, LLC)
Pan (HKLM-x32\...\{99B11F20-86C9-4BD3-8A34-DA4EAE276188}) (Version: 2.1.7 - pan.rebelbase.com)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM-x32\...\{4CCD24F6-8665-457B-8467-2E232F1CC0B4}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.205 - Sonix)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.0 - ASUS)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F0A926-339E-4DF3-B9C6-230D076AEE56} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {09272D54-B571-430C-AD41-61C62BAD9DF6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {2B3862ED-DC96-41D0-9BC7-21FD8C40F857} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92ab36a59e7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3C588659-CB96-428A-9A26-1671A8ECF255} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-12] (Dropbox, Inc.)
Task: {3F2F99A8-B806-4761-8CDD-93259BD63197} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {4E6C1ED0-9CEE-4DA1-8B05-57A87F4E28D2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-12] (Dropbox, Inc.)
Task: {5F94DC91-F97B-4A22-8DA4-3192AB31D3D8} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
Task: {607592B6-301E-4EF2-9211-AEC0148369A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458733531 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {82EF36E8-EE2E-4E54-A8CF-4AB8B57EA287} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92ab3177dc0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {9C4AB184-EE61-4B8F-99BF-229154BB8089} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {A2BA485D-BE18-483C-A0D6-4B490582E44F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {A98A7772-E0DA-4CCB-96AA-9C2C10A5FD5C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C8F84BE2-F5CB-47D1-9060-E378900630AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E0FFA851-29E9-4AC6-AE58-B3D96D5394BB} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {E2792AB7-9482-4691-A28C-967800B9696D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4193585031-2840196977-3773957042-1002
Task: {EEE8E8CC-380D-4DFF-A11C-028A72A43E28} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {F2A3EEC6-ECD7-4614-93F2-0085DF64D3B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FF4D0B6E-EDB9-4B2E-9E66-6BD9B6DA9534} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2009-11-27 01:29 - 2009-11-27 01:29 - 00148752 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-02-26 09:49 - 2010-02-26 09:49 - 00029968 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3617.20553__0d0f4b69e50e559b\SqliteShared.dll
2010-02-26 09:49 - 2010-02-26 09:49 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-19 12:55 - 2017-04-19 12:55 - 06021752 _____ () C:\Program Files\AVAST Software\Avast\defs\17041902\algo.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-06-30 06:57 - 2016-06-30 06:57 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-04 08:22 - 2017-04-04 08:22 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-14 16:53 - 2017-04-13 19:30 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-04-07 18:59 - 2017-03-20 14:10 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-04-07 18:59 - 2017-03-20 14:10 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-04-07 18:59 - 2017-03-20 14:10 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-04-07 18:59 - 2017-03-20 14:11 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-04-07 18:59 - 2017-03-20 14:10 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-04-14 16:53 - 2017-03-20 14:10 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-04-14 16:53 - 2017-03-20 14:11 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-04-14 16:53 - 2017-03-20 14:10 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-04-07 18:59 - 2017-03-20 14:13 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-04-14 16:53 - 2017-03-20 14:10 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-04-14 16:53 - 2017-03-20 14:13 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-04-07 18:59 - 2017-03-20 14:12 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-04-07 18:59 - 2017-03-20 14:11 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-04-14 16:53 - 2017-04-13 19:34 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-04-07 18:59 - 2017-03-20 14:13 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-04-14 16:53 - 2017-03-20 14:08 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-04-14 16:53 - 2017-04-13 19:33 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-04-07 18:59 - 2017-04-13 19:34 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-04-14 16:53 - 2017-03-20 14:17 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-04-14 16:53 - 2017-03-20 14:17 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-04-14 16:53 - 2017-04-13 19:33 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-04-07 18:59 - 2017-04-13 19:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-14 16:53 - 2017-04-13 19:33 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-17 12:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EeeStorageBackup => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OneDrive => "C:\Users\Phillip\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VideoGuardMonitor => "C:\Users\Phillip\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56DF5966-7ACC-4645-9981-5A87390AD45C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{42661680-E3C0-4708-BA2B-D4EF5EB19E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F05F66FE-4F44-483A-9191-D0F886B96C50}] => (Allow) svchost.exe
FirewallRules: [{D1DADC6F-60AE-4138-997C-AA4B4962F926}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F3F998E9-1A31-4851-815A-7908AA11B8DA}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{DC299F70-D651-4634-80EF-7C6EEFCA2AE4}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{298DB852-C9EB-4843-B7A3-98309AB8BF17}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{C6943E5E-42CA-4A96-AF05-1CD6B7CAF3DF}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{B165B4D9-D674-4B4E-ADD9-D8FA5EDBBA12}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{51BAAF75-E2E0-4450-9396-7DCD187536EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-04-2017 10:49:29 Checkpoint by HitmanPro
17-04-2017 10:51:03 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2017 02:16:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x580a668e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x848
Faulting application start time: 0x01d2b93903b7f9a3
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 57f5b03c-252c-11e7-a0b3-485b3908ab67

Error: (04/19/2017 02:16:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/19/2017 08:42:43 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL" on line 2.
Invalid Xml syntax.

Error: (04/19/2017 08:32:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x580a668e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x88c
Faulting application start time: 0x01d2b908f532d732
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 51d17475-24fc-11e7-a4eb-485b3908ab67

Error: (04/19/2017 08:32:42 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/18/2017 08:51:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18639, time stamp: 0x58d6bb0d
Faulting module name: jscript9.dll, version: 11.0.9600.18639, time stamp: 0x58d6bfcf
Exception code: 0xc0000005
Fault offset: 0x000e0ebe
Faulting process id: 0x15d8
Faulting application start time: 0x01d2b8a6b5947de6
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report Id: 54945c05-249a-11e7-a923-485b3908ab67

Error: (04/18/2017 08:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18639, time stamp: 0x58d6bb0d
Faulting module name: jscript9.dll, version: 11.0.9600.18639, time stamp: 0x58d6bfcf
Exception code: 0xc0000005
Fault offset: 0x0002136b
Faulting process id: 0xb04
Faulting application start time: 0x01d2b8a55597818b
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report Id: f0748a94-2499-11e7-a923-485b3908ab67

Error: (04/18/2017 08:38:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18639, time stamp: 0x58d6bb0d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x850f8000
Faulting process id: 0x19f8
Faulting application start time: 0x01d2b8a2c588cf6e
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: unknown
Report Id: 8e9a4234-2498-11e7-a923-485b3908ab67

Error: (04/18/2017 08:20:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18639 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12e8

Start Time: 01d2b89016a1357b

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/18/2017 08:54:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18639, time stamp: 0x58d6bb0d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4a896600
Faulting process id: 0xbb4
Faulting application start time: 0x01d2b8426707cbdd
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: unknown
Report Id: 2e24f891-2436-11e7-99ef-485b3908ab67


System errors:
=============
Error: (04/19/2017 02:17:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (04/19/2017 02:15:51 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8007b12b10, 0xfffffa8007b12df0, 0xfffff800031998c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041917-21528-01.

Error: (04/19/2017 02:15:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:11:51 PM on ‎19/‎04/‎2017 was unexpected.

Error: (04/19/2017 02:04:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/19/2017 02:04:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.

Error: (04/19/2017 12:53:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/19/2017 12:53:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.

Error: (04/19/2017 11:30:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/19/2017 11:30:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.

Error: (04/19/2017 10:07:17 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.


CodeIntegrity:
===================================
Date: 2017-04-17 12:26:51.726
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-17 12:26:51.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-30 09:50:09.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 09:50:09.133
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 12:02:10.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 12:02:10.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:45:55.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:45:55.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 09:34:14.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 09:34:14.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 56%
Total physical RAM: 3948.54 MB
Available physical RAM: 1736.65 MB
Total Virtual: 7895.27 MB
Available Virtual: 5564.28 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:36.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:334.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 20th, 2017, 6:52 am

Hi Phillip,

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

Your antivirus is disabled. Please follow the steps below to re-enable Avast!
  • Right-click on the Avast! icon, located in your system tray.
  • Hover your mouse over avast! shields control.
  • Click on Enable all shields (3 disabled).

Please navigate to the following location and post the "Combofix.txt" log in your next reply.
C:\ComboFix.txt


Backup your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..

Adwcleaner
  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open. Please copy/paste the contents in your next reply.
    Note: do not select Clean at this point


I'd like you to run a search using FRST..

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... SearchReg.txt
    • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following my instructions?
  • ComboFix.txt
  • Adwcleaner report
  • SearchReg.txt
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 20th, 2017, 8:35 am

mAl checked avast it says all 3 are on. wiil post the rest later no time this AM

Thanks
Phillip






ComboFix 17-04-16.01 - Phillip 17/04/2017 12:17:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3949.2570 [GMT -4:00]
Running from: c:\users\Phillip\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Phillip\AppData\Roaming\LocalLow
c:\users\Phillip\AppData\Roaming\LocalLow\GBTemp\svrver.ini
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2017-03-17 to 2017-04-17 )))))))))))))))))))))))))))))))
.
.
2017-04-17 16:27 . 2017-04-17 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-04-17 14:53 . 2017-04-17 14:53 54736 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2017-04-17 14:42 . 2017-04-17 14:42 -------- d-----w- c:\program files\HitmanPro
2017-04-16 22:40 . 2017-04-16 22:44 -------- d-----w- C:\FRST
2017-04-16 13:46 . 2017-04-16 13:46 -------- d-----w- C:\$AV_ASW
2017-04-16 13:46 . 2017-04-16 13:46 -------- d-----w- c:\users\Phillip\AppData\Roaming\Browsers
2017-04-15 20:39 . 2017-04-15 21:13 -------- d-----w- c:\users\Phillip\.cr3
2017-04-15 20:38 . 2017-04-15 20:39 -------- d-----w- c:\users\Phillip\cr3
2017-04-14 13:39 . 2017-04-14 13:39 -------- d-----w- c:\users\Phillip\AppData\Local\Hardcoded Software
2017-04-14 13:39 . 2017-04-14 13:39 -------- d-----w- c:\program files\Hardcoded Software
2017-04-14 12:24 . 2017-04-14 12:24 -------- d-----w- c:\users\Phillip\AppData\Roaming\IsolatedStorage
2017-04-14 12:24 . 2017-04-14 12:24 -------- d-----w- c:\programdata\IsolatedStorage
2017-04-14 12:24 . 2017-04-14 12:24 -------- d-----w- c:\users\Phillip\AppData\Roaming\DigitalVolcano
2017-04-14 01:56 . 2017-04-14 01:57 -------- d-----w- c:\program files (x86)\WinMerge
2017-04-14 01:04 . 2017-04-14 01:04 -------- d-----w- c:\program files\WinPcap
2017-04-14 01:03 . 2017-04-14 01:04 -------- d-----w- c:\programdata\Freemake
2017-04-14 01:03 . 2017-04-14 01:03 -------- d-----w- c:\program files (x86)\Freemake
2017-04-13 23:22 . 2017-04-13 23:22 46408 ----a-w- c:\windows\system32\DbxSvc.exe
2017-04-12 15:39 . 2017-03-25 18:48 499200 ----a-w- c:\windows\SysWow64\vbscript.dll
2017-04-04 12:23 . 2017-04-04 12:22 399944 ----a-w- c:\windows\system32\aswBoot.exe
2017-03-22 03:57 . 2017-03-22 03:57 45672 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2017-03-22 03:57 . 2017-03-22 03:57 45672 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2017-03-22 03:57 . 2017-03-22 03:57 45672 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2017-03-20 04:48 . 2017-03-20 04:48 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-03-20 04:48 . 2017-03-20 04:48 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-03-20 04:48 . 2017-03-20 04:48 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-03-20 04:48 . 2017-03-20 04:48 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-03-20 04:41 . 2017-03-20 04:41 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-20 04:41 . 2017-03-20 04:41 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-03-20 04:41 . 2017-03-20 04:41 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-03-20 04:41 . 2017-03-20 04:41 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-04-16 14:06 . 2015-12-03 23:47 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-04-16 13:53 . 2016-02-20 02:12 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-04-16 13:53 . 2016-02-20 02:12 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-13 11:43 . 2015-11-29 20:54 148601744 -c--a-w- c:\windows\system32\MRT.exe
2017-04-04 12:22 . 2015-11-25 23:11 164064 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-04-04 12:22 . 2015-11-25 23:11 556784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-04-04 12:22 . 2015-11-25 23:11 339696 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-04-04 12:22 . 2015-11-25 23:11 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-04-04 12:22 . 2015-11-25 23:11 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-04-04 12:22 . 2015-11-25 23:11 127112 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-04-04 12:22 . 2015-11-25 23:11 101152 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-04-04 12:22 . 2015-11-25 23:11 1005048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-04-04 12:22 . 2016-03-23 11:45 32600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-04-04 12:22 . 2017-03-15 19:18 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-04-04 12:22 . 2017-03-15 19:18 334088 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-04-04 12:22 . 2017-03-15 19:18 307736 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-04-04 12:22 . 2017-03-15 19:18 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-03-08 04:21 . 2017-04-12 15:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-02-22 23:42 . 2017-03-15 19:33 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-02-22 23:37 . 2017-03-15 19:33 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-02-18 14:05 . 2017-03-15 19:33 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-02-18 14:05 . 2017-03-15 19:33 646656 ----a-w- c:\windows\system32\generaltel.dll
2017-02-11 15:58 . 2017-03-15 22:51 462848 ----a-w- c:\windows\system32\drivers\srv.sys
2017-02-11 15:58 . 2017-03-15 22:51 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2017-02-11 15:58 . 2017-03-15 22:51 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-02-10 16:32 . 2017-03-15 22:51 803328 ----a-w- c:\windows\system32\usp10.dll
2017-02-10 16:17 . 2017-03-15 22:51 628736 ----a-w- c:\windows\SysWow64\usp10.dll
2017-02-10 14:33 . 2017-03-15 22:51 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2017-02-09 16:32 . 2017-03-15 22:51 40960 ----a-w- c:\windows\system32\WcsPlugInService.dll
2017-02-09 16:31 . 2017-03-15 22:51 625664 ----a-w- c:\windows\system32\mscms.dll
2017-02-09 16:31 . 2017-03-15 22:51 250880 ----a-w- c:\windows\system32\icm32.dll
2017-02-09 16:14 . 2017-03-15 22:51 481792 ----a-w- c:\windows\SysWow64\mscms.dll
2017-02-09 16:14 . 2017-03-15 22:51 215040 ----a-w- c:\windows\SysWow64\icm32.dll
2017-02-09 15:51 . 2017-03-15 22:51 32768 ----a-w- c:\windows\SysWow64\WcsPlugInService.dll
2017-02-09 14:06 . 2017-03-15 22:51 1648128 ----a-w- c:\windows\system32\DWrite.dll
2017-02-09 14:06 . 2017-03-15 22:51 1180160 ----a-w- c:\windows\system32\FntCache.dll
2017-02-06 16:14 . 2017-03-15 22:51 733696 ----a-w- c:\windows\HelpPane.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-02-26 13:41 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-01-27 13:57 2094304 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-01-27 13:57 2094304 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-01-27 13:57 2094304 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-01-27 13:57 2094304 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-01-27 13:57 2094304 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2009-06-24 272952]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2017-04-13 28330072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-20 13:53]
.
2017-04-17 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-12 12:31]
.
2017-04-17 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-12 12:31]
.
2016-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 22:10]
.
2016-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 22:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-02-26 13:41 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-04-13 23:27 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-01-27 13:57 2170584 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-01-27 13:57 2170584 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-01-27 13:57 2170584 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-01-27 13:57 2170584 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-01-27 13:57 2170584 ----a-w- c:\users\Phillip\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-04-04 12:22 1529352 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-04-04 12:22 1529352 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-04-04 213824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.114.81.1 75.114.81.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-97220679.sys
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
Toolbar-Locked - (no file)
AddRemove-Coupon Printer for Windows5.0.1.8 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P%C**]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P%C**\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_148_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_148_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_148_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_148_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.25"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2017-04-17 12:39:32 - machine was rebooted
ComboFix-quarantined-files.txt 2017-04-17 16:39
.
Pre-Run: 40,525,348,864 bytes free
Post-Run: 40,016,896,000 bytes free
.
- - End Of File - - 3F207D85D8BB53450C2103533036B8B1
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 20th, 2017, 7:39 pm

mAL here is the Adwcleaner file the rest is to follow.

Thanks
Phillip


# AdwCleaner v6.045 - Logfile created 20/04/2017 at 19:28:38
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-19.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Phillip - PHILLIP-PC
# Running from : C:\Users\Phillip\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found: Partner Service
Service Found: partner service


***** [ Folders ] *****

Folder Found: C:\Users\Phillip\Desktop\freemake shared
Folder Found: C:\ProgramData\Partner
Folder Found: C:\ProgramData\Application Data\Partner
Folder Found: C:\Users\Phillip\AppData\Roaming\browsers


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found: HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found: [x64] HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found: [x64] HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found: HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found: HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cmclajginlihohopoeofghddnhpplhom

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3230 Bytes] - [20/04/2017 19:13:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [3126 Bytes] - [20/04/2017 19:28:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3199 Bytes] ##########
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 20th, 2017, 8:46 pm

mL I did not have any problem other than "AV" showing that it was active and working but I did see on the files that it was disabled. hope this is what you asked for.
Later
Thanks
Phillip


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2017
Ran by Phillip (administrator) on PHILLIP-PC (20-04-2017 19:58:48)
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available Profiles: Phillip)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_148_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ADSMTray] => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28344776 2017-04-17] (Dropbox, Inc.)
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{5ECC4103-727E-46DE-B93F-803ECD7B1A49}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-ca?checklang=1
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2010-02-26] (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2010-02-26] (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://msn.ca/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-ca?checklang=1"
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default [2017-04-20]
CHR Extension: (http://www.theweathernetwork.com/weather/usfl) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidnpjefmpijoekpkaghfgemkkegeepc [2015-11-25]
CHR Extension: (Google Docs) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
CHR Extension: (Google Drive) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-11-25]
CHR Extension: (YouTube) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Adblock Plus) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-25]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-12-10]
CHR Extension: (Protect My Choices) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2017-03-15]
CHR Extension: (Google Hangouts) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Office Online) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-20]
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-22]
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-12] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-04-17] (Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107520 2016-10-21] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-10-21] (Ellora Assets Corp.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-04-17] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 19:10 - 2017-04-20 19:28 - 00000000 ____D C:\AdwCleaner
2017-04-20 19:03 - 2017-04-20 19:03 - 04089296 _____ C:\Users\Phillip\Desktop\AdwCleaner.exe
2017-04-20 19:00 - 2017-04-20 19:00 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PHILLIP-PC-Windows-7-Home-Premium-(64-bit).dat
2017-04-20 19:00 - 2017-04-20 19:00 - 00000000 ____D C:\RegBackup
2017-04-20 18:12 - 2017-04-20 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-20 18:10 - 2017-04-20 18:10 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-20 08:33 - 2017-04-20 08:33 - 00002241 _____ C:\Users\Phillip\Desktop\Tweaking.com - Registry Backup.lnk
2017-04-20 08:33 - 2017-04-20 08:33 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-04-20 08:33 - 2017-04-20 08:33 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-04-20 08:31 - 2017-04-20 08:33 - 00018143 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-04-20 08:28 - 2017-04-20 08:28 - 05766144 _____ (Tweaking.com) C:\Users\Phillip\Desktop\tweaking.com_registry_backup_setup.exe
2017-04-19 14:24 - 2017-04-19 14:27 - 00044077 _____ C:\Users\Phillip\Desktop\Addition.txt
2017-04-19 14:23 - 2017-04-20 20:00 - 00022802 _____ C:\Users\Phillip\Desktop\FRST.txt
2017-04-19 14:23 - 2017-04-20 19:52 - 00000000 ____D C:\Users\Phillip\Desktop\FRST-OlderVersion
2017-04-19 14:15 - 2017-04-19 14:15 - 00276008 _____ C:\Windows\Minidump\041917-21528-01.dmp
2017-04-19 09:39 - 2017-04-19 09:39 - 00000000 ____D C:\Users\Phillip\AppData\LocalLow\Adobe
2017-04-18 08:56 - 2017-04-18 08:56 - 05774688 _____ (Zemana Ltd. ) C:\Users\Phillip\Downloads\Zemana.AntiMalware.Setup.exe
2017-04-17 13:06 - 2017-04-17 13:06 - 00035040 _____ C:\Users\Phillip\Desktop\combo 1.txt
2017-04-17 12:39 - 2017-04-17 12:39 - 00035034 _____ C:\ComboFix.txt
2017-04-17 12:39 - 2017-04-17 12:39 - 00016712 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2017-04-17 12:12 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-17 12:12 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-17 12:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-17 12:12 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-17 12:08 - 2017-04-17 12:39 - 00000000 ____D C:\Qoobox
2017-04-17 12:08 - 2017-04-17 12:36 - 00000000 ____D C:\Windows\erdnt
2017-04-17 12:04 - 2017-04-17 12:04 - 05659609 ____R (Swearware) C:\Users\Phillip\Downloads\ComboFix.exe
2017-04-17 11:14 - 2017-04-17 11:14 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-17 10:53 - 2017-04-17 10:53 - 00284232 _____ C:\Windows\Minidump\041717-16068-01.dmp
2017-04-17 10:53 - 2017-04-17 10:53 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-04-17 10:51 - 2017-04-17 10:51 - 00004976 _____ C:\Windows\system32\.crusader
2017-04-17 10:42 - 2017-04-17 10:42 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-04-17 10:42 - 2017-04-17 10:42 - 00000000 ____D C:\Program Files\HitmanPro
2017-04-17 10:41 - 2017-04-17 10:41 - 11583584 _____ (SurfRight B.V.) C:\Users\Phillip\Downloads\HitmanPro_x64.exe
2017-04-17 10:23 - 2017-04-17 10:26 - 00703604 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_10.23.41_log.txt
2017-04-17 10:20 - 2017-04-17 10:22 - 00203046 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_10.20.53_log.txt
2017-04-17 09:22 - 2017-04-17 10:30 - 00002590 _____ C:\Users\Phillip\Desktop\Rkill.txt
2017-04-17 09:22 - 2017-04-17 09:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Phillip\Downloads\rkill.exe
2017-04-17 09:16 - 2017-04-17 09:19 - 00202880 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_09.16.55_log.txt
2017-04-17 09:15 - 2017-04-17 09:15 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Phillip\Downloads\tdsskiller.exe
2017-04-16 18:40 - 2017-04-20 19:58 - 00000000 ____D C:\FRST
2017-04-16 18:37 - 2017-04-20 19:52 - 02424832 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2017-04-16 10:24 - 2017-04-16 10:27 - 00260516 _____ C:\Windows\ntbtlog.txt
2017-04-16 09:59 - 2017-04-19 14:31 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-16 09:58 - 2017-04-16 09:58 - 01129376 _____ (Google Inc.) C:\Users\Phillip\Downloads\ChromeSetup.exe
2017-04-16 09:46 - 2017-04-16 09:46 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Browsers
2017-04-16 09:46 - 2017-04-16 09:46 - 00000000 ____D C:\$AV_ASW
2017-04-15 20:48 - 2017-04-15 20:49 - 00000000 ____D C:\Users\Phillip\Documents\Kindle
2017-04-15 20:47 - 2013-12-15 10:34 - 41929941 _____ C:\Users\Phillip\Documents\STALINGRAD - Victory On The Volga (Images of War) By Nik Cornish ABEE.pdf
2017-04-15 20:35 - 2017-01-29 20:55 - 41441494 ____R C:\Users\Phillip\Documents\Consumer_Reports_New_Car_Buying_Guide_Spring_2017.pdf
2017-04-15 16:50 - 2017-04-15 16:50 - 00000000 ____D C:\Users\Phillip\Downloads\winds of war
2017-04-15 16:48 - 2017-04-15 16:48 - 00000906 _____ C:\Users\Phillip\Desktop\Downloads.lnk
2017-04-15 16:39 - 2017-04-15 17:13 - 00000000 ____D C:\Users\Phillip\.cr3
2017-04-15 16:38 - 2017-04-15 16:39 - 00000000 ____D C:\Users\Phillip\cr3
2017-04-15 16:38 - 2017-04-15 16:38 - 07955398 _____ C:\Users\Phillip\Documents\cr3-win32-qt-opengl-3.3.61.zip
2017-04-15 10:38 - 2017-04-15 10:38 - 02041884 _____ C:\Users\Phillip\Downloads\Shadow Commander_ The Epic Stor - Mike Guardia.epub
2017-04-14 18:55 - 2017-04-14 18:55 - 01581245 _____ C:\Users\Phillip\Documents\duplicates.dupeguru
2017-04-14 10:09 - 2017-04-14 10:29 - 00000000 ____D C:\Users\Phillip\Documents\Phillips library
2017-04-14 09:39 - 2017-04-14 09:39 - 00001098 _____ C:\Users\Public\Desktop\dupeGuru.lnk
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\Users\Phillip\AppData\Local\Hardcoded Software
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dupeGuru
2017-04-14 09:39 - 2017-04-14 09:39 - 00000000 ____D C:\Program Files\Hardcoded Software
2017-04-14 09:35 - 2017-04-14 09:36 - 17460736 _____ C:\Users\Phillip\Downloads\dupeguru_win64_3.9.1.msi
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\IsolatedStorage
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\DigitalVolcano
2017-04-14 08:24 - 2017-04-14 08:24 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-04-14 08:15 - 2017-04-14 08:15 - 13391688 _____ (DigitalVolcano Software Ltd) C:\Users\Phillip\Downloads\DuplicateCleanerPro4_setup.exe
2017-04-13 21:57 - 2017-04-13 21:57 - 00001018 _____ C:\Users\Public\Desktop\WinMerge.lnk
2017-04-13 21:57 - 2017-04-13 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2017-04-13 21:56 - 2017-04-13 21:57 - 00000000 ____D C:\Program Files (x86)\WinMerge
2017-04-13 21:52 - 2017-04-13 21:52 - 06433055 _____ (hxxp://winmerge.org ) C:\Users\Phillip\Downloads\WinMerge-2.14.0-Setup.exe
2017-04-13 21:41 - 2017-04-13 21:41 - 00000000 ____D C:\Users\Phillip\Downloads\duplicate_files_deleter
2017-04-13 21:04 - 2017-04-13 21:04 - 00000000 ____D C:\Program Files\WinPcap
2017-04-13 21:03 - 2017-04-13 21:07 - 00000000 ____D C:\Users\Phillip\Documents\Freemake
2017-04-13 21:03 - 2017-04-13 21:04 - 00000000 ____D C:\ProgramData\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\Desktop\Freemake Shared
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-04-13 21:00 - 2017-04-13 21:01 - 18796032 _____ ( ) C:\Users\Phillip\Downloads\FreemakeVideoDownloaderFull.exe
2017-04-13 10:20 - 2017-04-13 10:20 - 63918174 _____ C:\Users\Phillip\Downloads\Blossoms in the Wind The Human Legacy of the Kamikaze.pdf
2017-04-12 11:40 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 11:40 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 11:40 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 11:40 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 11:40 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 11:40 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 11:40 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 11:40 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 11:40 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 11:40 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 11:40 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 11:40 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 11:40 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 11:40 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 11:40 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 11:40 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 11:40 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 11:40 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 11:40 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 11:40 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 11:40 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 11:40 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 11:40 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 11:40 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 11:40 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 11:40 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 11:40 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 11:40 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 11:40 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 11:40 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 11:40 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 11:40 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 11:40 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 11:40 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 11:40 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 11:40 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 11:40 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 11:40 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 11:40 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 11:40 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 11:40 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 11:40 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 11:40 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 11:40 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 11:40 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 11:40 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 11:40 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 11:40 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 11:40 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 11:40 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 11:40 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 11:40 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 11:40 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 11:40 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 11:40 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 11:40 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 11:40 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 11:40 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 11:40 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 11:39 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 11:39 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 11:39 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 11:39 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 11:39 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 11:39 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 11:39 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 11:39 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 11:39 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 11:39 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 11:39 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 11:39 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 11:39 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 11:39 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 11:39 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 11:39 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 11:39 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 11:39 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 11:39 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 11:39 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 11:39 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 11:39 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 11:39 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 11:39 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 11:39 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 11:39 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 11:39 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 11:39 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 11:39 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 11:39 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 11:39 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 11:39 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 11:39 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 11:39 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 11:39 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 11:39 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 11:39 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 11:39 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 11:39 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 11:39 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 11:39 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 11:39 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 11:39 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 11:39 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 11:39 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 11:39 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 11:39 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 11:39 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 11:39 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 11:39 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 11:39 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 11:39 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 11:39 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 11:39 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 11:39 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 11:39 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 11:39 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 11:39 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 11:39 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 11:39 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 11:39 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 11:39 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 11:39 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 11:39 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 11:39 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 11:39 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 11:39 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 11:39 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 11:39 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 11:39 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 11:39 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-08 08:23 - 2017-04-08 08:23 - 00276008 _____ C:\Windows\Minidump\040817-27580-01.dmp
2017-04-04 08:23 - 2017-04-04 08:22 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-01 18:53 - 2017-04-01 18:53 - 11061478 _____ C:\Users\Phillip\Downloads\Video.MOV
2017-03-31 08:45 - 2017-04-14 19:33 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi.bak
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Temp
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Import
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Images
2017-03-31 08:35 - 2017-03-31 08:35 - 00000000 ____D C:\Users\Phillip\Documents\Chunks
2017-03-22 17:21 - 2017-03-22 17:21 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-22 17:21 - 2017-03-22 17:21 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-22 17:21 - 2017-03-22 17:21 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 19:43 - 2016-11-12 08:31 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-20 18:35 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-20 18:35 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-20 18:28 - 2016-11-12 08:34 - 00000000 ___RD C:\Users\Phillip\Dropbox
2017-04-20 18:26 - 2016-11-12 08:31 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-20 18:26 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-20 18:18 - 2017-03-15 15:18 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-20 18:12 - 2016-11-12 08:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-19 18:35 - 2016-02-18 21:43 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Google
2017-04-19 14:31 - 2010-02-26 09:41 - 00002197 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-19 14:15 - 2017-02-08 10:00 - 523685609 _____ C:\Windows\MEMORY.DMP
2017-04-19 14:15 - 2015-12-22 15:31 - 00000000 ____D C:\Windows\Minidump
2017-04-18 08:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-17 19:21 - 2015-11-25 18:29 - 00000000 ____D C:\Users\Phillip\AppData\Local\Google
2017-04-17 12:32 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2017-04-17 10:53 - 2016-07-25 05:54 - 00000000 ____D C:\Users\Phillip
2017-04-17 10:51 - 2015-12-03 20:00 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-16 10:20 - 2009-07-29 01:20 - 00000000 ____D C:\Windows\log
2017-04-16 10:06 - 2015-12-03 19:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-16 09:53 - 2016-02-19 22:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-16 09:53 - 2016-02-19 22:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-16 09:53 - 2016-02-19 22:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-16 09:53 - 2010-02-26 10:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-16 09:46 - 2016-12-30 13:28 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-15 18:18 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-15 18:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-15 16:57 - 2017-03-03 18:15 - 00000000 ____D C:\Users\Phillip\Downloads\GrabIt Downloads
2017-04-15 16:50 - 2017-03-03 17:15 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\GrabIt
2017-04-15 16:35 - 2015-11-25 21:48 - 00000000 ____D C:\Users\Phillip\Documents\Calibre Library
2017-04-14 19:33 - 2017-02-26 10:07 - 00000000 ____D C:\Users\Phillip\AppData\Local\Newsbin
2017-04-14 19:33 - 2017-02-26 10:06 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi.old
2017-04-14 19:33 - 2017-02-26 10:06 - 00004431 _____ C:\Users\Phillip\Documents\newsbin.nbi
2017-04-13 10:18 - 2017-02-20 18:34 - 00000985 _____ C:\Users\Phillip\Desktop\GrabIt.lnk
2017-04-13 10:18 - 2017-02-20 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
2017-04-13 10:18 - 2017-02-20 18:34 - 00000000 ____D C:\Program Files (x86)\GrabIt
2017-04-13 08:03 - 2017-01-23 08:46 - 00478752 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-13 07:47 - 2015-11-29 16:54 - 00000000 ____D C:\Windows\system32\MRT
2017-04-13 07:43 - 2015-11-29 16:54 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-13 07:39 - 2015-12-16 22:21 - 00765700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 11:26 - 2017-01-05 10:13 - 00000000 ____D C:\Users\Phillip\Documents\RBC US
2017-04-11 17:35 - 2016-07-28 19:49 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e92ab36a59e7
2017-04-11 17:35 - 2016-07-28 19:49 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e92ab3177dc0
2017-04-04 20:06 - 2016-03-23 07:45 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458733531
2017-04-04 08:22 - 2017-03-15 15:18 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-04 08:22 - 2017-03-15 15:18 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-04 08:22 - 2016-03-23 07:45 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-04 08:22 - 2015-11-25 19:11 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-31 14:11 - 2017-03-03 17:31 - 00000000 ____D C:\Users\Phillip\.pan2
2017-03-31 08:37 - 2017-02-26 10:07 - 00000000 ____D C:\Users\Phillip\Documents\Newsbin
2017-03-29 20:11 - 2015-11-25 20:27 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\calibre

==================== Files in the root of some directories =======

2017-02-20 18:40 - 2017-02-20 18:40 - 0000292 _____ () C:\Users\Phillip\AppData\Local\HamsterBookConverter.cfg
2017-03-03 17:53 - 2017-03-03 17:53 - 0000703 _____ () C:\Users\Phillip\AppData\Local\recently-used.xbel
2010-02-26 09:56 - 2009-09-10 13:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-02-26 09:36 - 2010-02-26 09:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-02-26 09:35 - 2010-02-26 09:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-06 19:07

==================== End of FRST.txt ============================
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 21st, 2017, 8:32 am

Hi Phillip,

Please be careful when following my instructions. I asked you to run a search using FRST, not a scan. Here are the instructions again:

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... SearchReg.txt
    • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • SearchReg.txt
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 21st, 2017, 8:50 am

mAL: thanks for keeping on the straight I read things some time and assume they are correct . I believe this is the right file.

Thanks
Phillip


Farbar Recovery Scan Tool (x64) Version: 20-04-2017
Ran by Phillip (21-04-2017 08:44:34)
Running from C:\Users\Phillip\Desktop
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

====== End of Search ======
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 22nd, 2017, 4:26 am

Hi Phillip,

PUP (Potentially Unwanted Programs)
  • Coupon Printer for Windows
  • Freemake Video Downloader

Potentially Unwanted Programs (PUP) are software that have unpredictable behaviour and/or might have been installed on your computer without your direct consent. You might have installed them willingly, in which case feel free to keep them. However, if you did not I advise you to remove them by following the instructions below...


Removing a program in Windows 7
  • Click the Star Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:
    • Coupon Printer for Windows
    • Freemake Video Downloader
  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
Note: you can only remove one program at a time.

Next..

Adwcleaner
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, uncheck the following entry (Only if you wish to keep Freemake Video Downloader)
    Folder Found: C:\Users\Phillip\Desktop\freemake shared
  • Select Clean.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open. Please copy/paste the contents in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following my instructions?
  • Did you keep or remove the programs mentioned?
  • Adwcleaner report
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: S.pmddBy.com Highjacker

Unread postby phillip245 » April 22nd, 2017, 8:46 am

mAL: I did not have any concerns with deleting ◦Coupon Printer for Windows, when I deleted ◦Freemake Video Downloader from Control Panel it would not delete it all I went to the directory and deleted it manually.
2) I did not keep Free make downloader.
3) Is there a You tube video downloader you would recommend.

Thanks
Phillip

# AdwCleaner v6.045 - Logfile created 22/04/2017 at 08:23:55
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-22.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Phillip - PHILLIP-PC
# Running from : C:\Users\Phillip\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: Partner Service


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Phillip\Desktop\freemake shared
[-] Folder deleted: C:\ProgramData\Partner
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Partner
[-] Folder deleted: C:\Users\Phillip\AppData\Roaming\browsers


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\partner service
[-] Key deleted: HKLM\SOFTWARE\Classes\kt_bho.KettleBho
[-] Key deleted: HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\kt_bho.KettleBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll


***** [ Web browsers ] *****

[-] [C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cmclajginlihohopoeofghddnhpplhom


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3204 Bytes] - [22/04/2017 08:23:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [3230 Bytes] - [20/04/2017 19:13:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [3302 Bytes] - [20/04/2017 19:28:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [3376 Bytes] - [22/04/2017 08:21:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3496 Bytes] ##########
phillip245
Regular Member
 
Posts: 18
Joined: April 16th, 2017, 6:17 pm

Re: S.pmddBy.com Highjacker

Unread postby mAL_rEm018 » April 22nd, 2017, 9:30 pm

Hi Phillip,

phillip245 wrote:Is there a You tube video downloader you would recommend.

I don't know of any good Youtube downloader, but I will say that most of them are usually bundled with adware and PUPs. I would stay away from those types of programs if I were you.


Please run the following fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code: Select all
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4193585031-2840196977-3773957042-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4193585031-2840196977-3773957042-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107520 2016-10-21] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-10-21] (Ellora Assets Corp.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
2017-04-13 21:03 - 2017-04-13 21:07 - 00000000 ____D C:\Users\Phillip\Documents\Freemake
2017-04-13 21:03 - 2017-04-13 21:04 - 00000000 ____D C:\ProgramData\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\Desktop\Freemake Shared
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-13 21:03 - 2017-04-13 21:03 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-04-13 21:00 - 2017-04-13 21:01 - 18796032 _____ ( ) C:\Users\Phillip\Downloads\FreemakeVideoDownloaderFull.exe
2010-02-26 09:56 - 2009-09-10 13:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
Task: {02F0A926-339E-4DF3-B9C6-230D076AEE56} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E2792AB7-9482-4691-A28C-967800B9696D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4193585031-2840196977-3773957042-1002
Task: {EEE8E8CC-380D-4DFF-A11C-028A72A43E28} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next..


Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Close all opened programs, open your browser and go to the following link: ESET Online Scanner.
  • Click on the SCAN NOW button under ESET Online Scanner.
    • Depending on which browser you are using, you might be prompted to download an executable file.
    • Please save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as administrator.
    • If you agree to the Terms of use, select Accept to continue.
  • Please check the following option:
    • Enable detection of potentially unwanted applications
  • Select Advanced settings and ensure that the following options are checked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Make sure that the following option is NOT checked: => Very important!
    • Clean threats automatically
  • Click Scan and the process will now begin. Please do not use your computer while the scan is running.
  • Once the scan is completed, click Copy to clipboard.
  • Open the Start menu and type notepad.exe in the search programs and files box.
  • Press Enter. A blank Notepad page should open, paste the contents inside the window.
  • Save the file as ESETScan.txt.
  • Please copy/paste the contents of ESETScan.txt in your next reply.
  • You can now safely close the program.
    Do not forget to re-activate your Antivirus at this point.


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following my instructions?
  • fixlog.txt
  • ESETScan.txt
  • How is your computer behaving?
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 299 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware