
Infection by Trojan-PoweLike!bat via bogus Firefox update


  • This topic is locked
18 replies to this topic

#1 swan36fc


Posted 13 October 2016 - 10:06 AM

This occurred on FRI, Oct 7. I run Windows 7. McAfee detects this Trojan and deletes it every few seconds.

 

Farbar log from last night is pasted below; addition file attached.

 

Thanks!!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016
Ran by Alex (administrator) on ALEX-PC (12-10-2016 19:57:01)
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex & UpdatusUser (Available Profiles: Alex & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
() C:\Program Files\Cambridge Audio\USB Audio 2 Driver\cpl.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dropbox, Inc.) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Inc.) C:\Program Files (x86)\Acer\clear.fi Client\ExtractDeviceIcon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
() C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [iRiver Updater] => \Updater.exe [212992 2004-07-01] (Moodlogic)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-12] (Creative Technology Ltd)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [Dropbox Update] => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [**zvhcwhfhzv<*>] => "C:\Windows\system32\mshta.exe" javascript:R4QzUp="eUL9hOmi";W9I=new%20ActiveXObject("WScript.Shell");Tr8HWat="T";F6i8cm=W9I.RegRead("HKCU\\software\\rpts\\uyddzvkx");uQcAwyU8="Ze";eval(F6i8cm);obY1Bo (the data entry has 9 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [**nsufv<*>] => "C:\Users\Alex\AppData\Local\7b50\77f1.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {173e13cf-0089-11e2-b043-806e6f6e6963} - E:\unlock.exe autoplay=true
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {8ebb0b21-c064-11e0-bcb7-f80f411af283} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {f0f80b30-f0c0-11e1-8409-f80f411af283} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8127.lnk [2016-10-11]
ShortcutTarget: 8127.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CA Panel Autostart.lnk [2016-10-01]
ShortcutTarget: CA Panel Autostart.lnk -> C:\Program Files\Cambridge Audio\USB Audio 2 Driver\cpl.exe ()
BootExecute: autocheck autochk * bootdelete
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{3580D70A-C806-4F28-902C-DAE39CDB2602}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 - (No Name) - {6d474053-6aea-476f-af1a-840e7bbd0edb} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> DefaultScope {A13C856D-6924-42A2-9CDA-81376381E1E3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US662D20131009&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> {A13C856D-6924-42A2-9CDA-81376381E1E3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US662D20131009&p={SearchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20161010220631.dll [2016-10-10] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20161010220632.dll [2016-10-10] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {6D474053-6AEA-476F-AF1A-840E7BBD0EDB} -  No File
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: sse0r1b1.default-1395320717338
FF ProfilePath: C:\Users\Alex\AppData\Roaming\MP3-Xtreme\Profiles\s552zv9g.default [2016-03-16]
FF Extension: (Artwork Extras) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\albumart@songbirdnest.com [2012-02-23] [not signed]
FF Extension: (Chromibird) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\cb@cb [2012-02-23] [not signed]
FF Extension: (Search) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\extendedlibrary@mp3x [2012-02-23] [not signed]
FF Extension: (Video Downloader) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\ft@ft [2012-02-23] [not signed]
FF Extension: (gonzo) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\gonzo@songbirdnest.com [2012-02-23] [not signed]
FF Extension: (Purple Rain) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\purplerain@songbirdnest.com [2012-02-23] [not signed]
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sse0r1b1.default-1395320717338 [2016-10-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\sse0r1b1.default-1395320717338 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\sse0r1b1.default-1395320717338 -> Google
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2016-10-10] [not signed]
FF HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-11-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1282236500-1533785801-392934604-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2016-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2016-10-10] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-08-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2016-10-10] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 causbaudio; C:\Windows\System32\DRIVERS\causbaudio_x64.sys [251296 2016-10-01] ()
S3 causbaudioks; C:\Windows\System32\DRIVERS\causbaudioks_x64.sys [52640 2016-10-01] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2016-10-11] ()
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2016-10-10] (McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2016-10-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2016-10-10] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2016-10-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2016-10-10] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2016-10-10] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2016-10-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2016-10-10] (McAfee, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-11 18:49 - 2016-10-11 18:49 - 00003352 ____N C:\bootsqm.dat
2016-10-11 18:48 - 2016-10-11 18:48 - 00000000 __SHD C:\found.000
2016-10-11 18:26 - 2016-10-12 19:58 - 00029450 _____ C:\Users\Alex\Downloads\FRST.txt
2016-10-11 18:25 - 2016-10-12 19:57 - 00000000 ____D C:\FRST
2016-10-11 18:24 - 2016-10-11 18:25 - 02407424 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2016-10-11 07:22 - 2016-10-11 07:22 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-10-11 07:15 - 2016-10-11 07:15 - 00050988 _____ C:\Windows\system32\.crusader
2016-10-11 06:52 - 2016-10-11 07:20 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-11 06:51 - 2016-10-11 06:52 - 11579432 _____ (SurfRight B.V.) C:\Users\Alex\Downloads\hitmanpro_x64.exe
2016-10-11 06:41 - 2016-10-12 19:45 - 00000000 ____D C:\Users\Alex\AppData\Local\7b50
2016-10-11 06:39 - 2016-10-11 06:43 - 00000000 ____D C:\Users\Alex\AppData\Local\0000000000000
2016-10-10 22:15 - 2016-10-12 19:45 - 00000000 ____D C:\QUARANTINE
2016-10-10 22:06 - 2016-10-10 22:04 - 00875928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00496888 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00412440 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaack.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00347800 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00122928 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2016-10-10 22:06 - 2016-10-10 22:04 - 00114880 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00066080 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeplk.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00064416 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaacsk.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00052688 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2016-10-10 22:06 - 2016-10-10 22:03 - 00094600 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2016-10-10 22:06 - 2016-10-10 22:03 - 00025088 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2016-10-10 22:04 - 2016-10-10 22:04 - 00344704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2016-10-10 22:04 - 2016-10-10 22:04 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-10-10 22:04 - 2016-10-10 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-10-10 21:59 - 2016-10-10 21:59 - 00000000 ____D C:\Users\Alex\Downloads\VSE880LMLRP6
2016-10-10 21:51 - 2016-10-10 21:53 - 45738925 _____ C:\Users\Alex\Downloads\VSE880LMLRP6.zip
2016-10-08 20:03 - 2016-10-08 20:03 - 01362227 _____ C:\nanosigs_1_20161008_082433.xml
2016-10-08 20:03 - 2016-10-08 20:03 - 00000734 _____ C:\catalog.xml
2016-10-08 16:00 - 2016-10-08 16:00 - 00000000 ____D C:\Users\Alex\AppData\Roaming\10ac
2016-10-06 20:40 - 2016-10-06 20:40 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-01 10:51 - 2012-09-06 11:06 - 00126976 _____ (Thesycon GmbH) C:\ProgramData\CNED978.tmp
2016-10-01 10:42 - 2016-10-01 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cambridge Audio
2016-10-01 10:42 - 2016-10-01 10:42 - 00000000 ____D C:\Program Files\Cambridge Audio
2016-10-01 10:42 - 2016-10-01 10:34 - 00251296 _____ () C:\Windows\system32\Drivers\causbaudio_x64.sys
2016-10-01 10:42 - 2016-10-01 10:34 - 00052640 _____ () C:\Windows\system32\Drivers\causbaudioks_x64.sys
2016-10-01 10:33 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Alex\Downloads\usb2.0-driver-v1.67.0-1383042402
2016-10-01 10:33 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Alex\Desktop\USB2.0 driver v1.67.0
2016-10-01 09:14 - 2016-10-01 09:14 - 02874376 _____ C:\Users\Alex\Downloads\usb2.0-driver-v1.67.0-1383042402.zip
2016-10-01 08:42 - 2016-10-01 08:42 - 00000000 ____D C:\Users\Alex\Downloads\USB2.0 driver v3.26.0
2016-10-01 08:42 - 2016-10-01 08:42 - 00000000 ____D C:\Users\Alex\Desktop\USB2.0 driver v3.26.0
2016-10-01 08:41 - 2016-10-01 08:41 - 02238708 _____ C:\Users\Alex\Downloads\USB2.0 driver v3.26.0.zip
2016-09-29 21:41 - 2016-09-29 21:48 - 146496630 _____ C:\Users\Alex\Downloads\Kansas - The Prelude Implicit.zip
2016-09-29 21:32 - 2016-09-29 21:40 - 105716318 _____ C:\Users\Alex\Downloads\The Beatles - Live At The Hollywood Bowl (Remastered Deluxe).zip
2016-09-28 22:32 - 2016-10-10 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-20 17:16 - 2016-08-05 10:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-20 17:16 - 2016-08-05 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-14 16:52 - 2016-09-01 14:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-14 16:52 - 2016-09-01 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-14 16:52 - 2016-08-31 22:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-14 16:52 - 2016-08-31 22:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 16:52 - 2016-08-31 21:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-14 16:52 - 2016-08-31 21:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 16:52 - 2016-08-31 21:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-14 16:52 - 2016-08-31 21:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-14 16:52 - 2016-08-31 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-14 16:52 - 2016-08-31 21:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 16:52 - 2016-08-31 21:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-14 16:52 - 2016-08-31 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-14 16:52 - 2016-08-31 21:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-14 16:52 - 2016-08-31 21:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 16:52 - 2016-08-31 21:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-14 16:52 - 2016-08-31 21:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-14 16:52 - 2016-08-31 21:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-14 16:52 - 2016-08-31 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-14 16:52 - 2016-08-31 20:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-14 16:52 - 2016-08-31 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-14 16:52 - 2016-08-31 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-14 16:52 - 2016-08-31 20:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-14 16:52 - 2016-08-31 20:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-14 16:52 - 2016-08-31 20:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-14 16:52 - 2016-08-31 20:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 16:52 - 2016-08-31 20:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-14 16:52 - 2016-08-31 20:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-14 16:52 - 2016-08-31 20:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 16:52 - 2016-08-31 20:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 16:52 - 2016-08-31 19:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 16:52 - 2016-08-31 19:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 16:52 - 2016-08-31 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 16:52 - 2016-08-31 19:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-14 16:52 - 2016-08-31 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-14 16:52 - 2016-08-31 19:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 16:52 - 2016-08-31 19:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-14 16:52 - 2016-08-31 19:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 16:52 - 2016-08-31 19:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 16:52 - 2016-08-31 19:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-14 16:52 - 2016-08-31 19:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-14 16:52 - 2016-08-31 19:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-14 16:52 - 2016-08-31 19:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-14 16:52 - 2016-08-31 19:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-14 16:52 - 2016-08-31 19:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-14 16:52 - 2016-08-31 19:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-14 16:52 - 2016-08-31 19:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-14 16:52 - 2016-08-31 19:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 16:52 - 2016-08-31 19:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-14 16:52 - 2016-08-31 19:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 16:52 - 2016-08-31 19:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-14 16:52 - 2016-08-31 18:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-14 16:52 - 2016-08-31 18:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-14 16:52 - 2016-08-31 18:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-14 16:52 - 2016-08-31 18:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-14 16:52 - 2016-08-31 18:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-14 16:52 - 2016-08-31 18:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-14 16:52 - 2016-08-31 18:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-14 16:52 - 2016-08-31 18:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-14 16:52 - 2016-08-31 18:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-14 16:52 - 2016-08-31 18:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 16:52 - 2016-08-31 18:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-14 16:52 - 2016-08-31 18:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-14 16:52 - 2016-08-31 18:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 16:52 - 2016-08-31 18:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 16:52 - 2016-08-31 17:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 16:52 - 2016-08-31 17:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 16:52 - 2016-08-12 11:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 16:52 - 2016-08-12 11:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 16:52 - 2016-08-12 11:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 16:50 - 2016-09-02 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 16:50 - 2016-09-02 10:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 16:50 - 2016-09-02 10:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 16:50 - 2016-09-02 10:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 16:50 - 2016-09-02 10:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 16:50 - 2016-09-02 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 16:50 - 2016-09-02 10:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 16:50 - 2016-09-02 10:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 16:50 - 2016-09-02 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 16:50 - 2016-09-02 10:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 16:50 - 2016-09-02 09:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 16:50 - 2016-09-02 09:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 16:50 - 2016-09-02 09:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 16:50 - 2016-09-02 09:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 16:50 - 2016-09-02 09:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 16:50 - 2016-09-02 09:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 16:50 - 2016-09-02 09:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 16:50 - 2016-09-02 09:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 16:50 - 2016-09-02 09:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 16:50 - 2016-09-02 09:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 16:50 - 2016-09-02 09:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 16:50 - 2016-09-02 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 16:49 - 2016-09-02 10:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 16:49 - 2016-09-02 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 16:49 - 2016-09-02 09:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 16:49 - 2016-08-16 12:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 16:49 - 2016-08-15 21:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 16:49 - 2016-08-15 21:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 16:49 - 2016-08-06 10:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 16:49 - 2016-08-06 10:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-13 07:08 - 2016-09-13 19:20 - 00000000 ____D C:\Users\Alex\Desktop\Cypress-Fairbanks ISD docs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 19:57 - 2013-06-18 20:56 - 00000000 ___RD C:\Users\Alex\Dropbox
2016-10-12 19:56 - 2012-03-29 19:14 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-12 19:56 - 2012-03-29 19:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-12 19:56 - 2012-03-29 19:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-12 19:56 - 2012-02-27 07:56 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-12 19:56 - 2011-09-08 22:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-12 19:56 - 2011-04-13 04:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-12 19:53 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-12 19:53 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-12 19:49 - 2011-08-05 21:34 - 00000000 ____D C:\Users\Alex\AppData\Local\Adobe
2016-10-12 19:43 - 2014-02-08 13:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-12 19:41 - 2011-04-28 09:39 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-12 19:40 - 2014-02-08 13:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-12 19:39 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-11 21:05 - 2011-08-05 21:41 - 00000000 ____D C:\ProgramData\clear.fi
2016-10-11 21:02 - 2015-06-16 17:51 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1282236500-1533785801-392934604-1001UA.job
2016-10-11 19:02 - 2011-08-06 12:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Audacity
2016-10-11 19:01 - 2011-04-28 09:53 - 00000000 ____D C:\ProgramData\Temp
2016-10-11 07:15 - 2011-08-06 19:01 - 00000000 ____D C:\Users\Alex\Documents\PC Files
2016-10-11 06:29 - 2015-01-31 20:37 - 00468386 _____ C:\Windows\ntbtlog.txt
2016-10-11 06:23 - 2016-05-01 13:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-11 06:22 - 2013-01-29 08:09 - 00009349 _____ C:\Windows\wininit.ini
2016-10-11 06:02 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-11 06:02 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-11 06:02 - 2009-07-13 23:45 - 00517744 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-11 06:01 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 00:02 - 2015-06-16 17:51 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1282236500-1533785801-392934604-1001Core.job
2016-10-10 22:08 - 2011-04-13 04:17 - 00000000 ____D C:\ProgramData\McAfee
2016-10-10 22:04 - 2011-04-13 04:17 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-10-10 22:02 - 2011-04-13 04:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-10-10 21:54 - 2011-08-05 21:34 - 00122488 _____ C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-10 21:50 - 2015-04-26 10:13 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2016-10-10 21:49 - 2015-04-26 10:11 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-10-10 21:49 - 2015-04-26 10:08 - 00000000 ____D C:\ProgramData\Panda Security
2016-10-10 21:47 - 2015-04-26 10:12 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Panda Security
2016-10-10 21:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-10-10 20:43 - 2015-04-26 10:13 - 00000000 ____D C:\ProgramData\panda_url_filtering
2016-10-09 17:39 - 2011-08-12 21:47 - 00000000 ____D C:\Users\Alex\AppData\Roaming\foobar2000
2016-10-07 12:24 - 2011-08-05 21:43 - 00000000 ____D C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2016-10-07 11:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-10-07 08:29 - 2012-10-14 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-06 20:37 - 2013-06-18 20:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Dropbox
2016-10-04 19:13 - 2009-07-14 00:13 - 00006206 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-30 16:43 - 2014-02-08 13:50 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-30 14:24 - 2015-06-16 17:51 - 00000000 ____D C:\Users\Alex\AppData\Local\Dropbox
2016-09-29 21:30 - 2016-08-22 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2016-09-18 06:52 - 2014-03-20 21:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-18 06:50 - 2014-03-20 21:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-17 23:55 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-09-17 23:46 - 2011-08-07 05:43 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-17 13:11 - 2011-08-06 12:38 - 00000000 ____D C:\Program Files (x86)\Squeezebox
2016-09-16 08:13 - 2013-03-28 06:39 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-16 08:13 - 2009-07-14 00:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-13 07:52 - 2016-06-13 23:04 - 00000000 ____D C:\Users\Alex\Desktop\CS Application Docs
2016-09-13 07:09 - 2016-07-18 21:15 - 00000000 ____D C:\Users\Alex\Desktop\Conroe ISDDocs
2016-09-13 04:28 - 2013-01-26 12:54 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-09-13 04:27 - 2013-01-26 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-09-13 04:26 - 2015-07-06 07:15 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask

==================== Files in the root of some directories =======

1995-06-23 16:41 - 1995-06-23 16:41 - 0001398 _____ () C:\Program Files (x86)\BIBLE.ICO
2005-03-29 16:25 - 2005-03-29 16:25 - 0389120 _____ () C:\Program Files (x86)\CLASSICS.EXE
2009-05-14 10:39 - 2009-05-14 10:39 - 0009400 _____ () C:\Program Files (x86)\COPYRITE.TXT
2006-09-19 15:40 - 2006-09-19 15:40 - 0186985 _____ () C:\Program Files (x86)\help.chm
2010-10-25 16:44 - 2010-10-25 16:44 - 0010307 _____ () C:\Program Files (x86)\JawsInstructions.doc
2010-10-22 09:03 - 2010-10-22 09:03 - 0007343 _____ () C:\Program Files (x86)\JawsInstructions.txt
2010-10-28 14:46 - 2010-10-28 14:46 - 0151552 _____ () C:\Program Files (x86)\JawsPlugin.exe
2011-10-01 15:52 - 2011-10-01 15:52 - 0184083 _____ () C:\Program Files (x86)\LABELS.TWP
2009-05-15 07:09 - 2009-05-15 07:09 - 0014484 _____ () C:\Program Files (x86)\License Agreement.rtf
2009-05-14 11:13 - 2009-05-14 11:13 - 3267072 _____ () C:\Program Files (x86)\Manual.doc
2010-04-05 10:50 - 2010-04-05 10:50 - 0467744 _____ () C:\Program Files (x86)\Manual.pdf
1999-10-11 09:21 - 1999-10-11 09:21 - 0000742 _____ () C:\Program Files (x86)\READINGS.NT
1999-10-11 09:21 - 1999-10-11 09:21 - 0000742 _____ () C:\Program Files (x86)\READINGS.OT
2005-02-18 11:44 - 2005-02-18 11:44 - 0483966 _____ () C:\Program Files (x86)\SERMON.BMP
2010-10-12 06:42 - 2010-10-12 06:42 - 0023040 _____ () C:\Program Files (x86)\Setting Up Verse Search To Work With Speech.doc
1999-10-11 09:22 - 1999-10-11 09:22 - 0153958 _____ () C:\Program Files (x86)\TIME.BMP
1998-04-13 05:28 - 1998-04-13 05:28 - 1790878 _____ () C:\Program Files (x86)\TIMELINE.BMP
1995-09-26 08:53 - 1995-09-26 08:53 - 0004331 _____ () C:\Program Files (x86)\VERSES.WCM
2005-02-16 11:03 - 2005-02-16 11:03 - 0006513 _____ () C:\Program Files (x86)\verses10.wcm
2003-02-07 16:42 - 2003-02-07 16:42 - 0006414 _____ () C:\Program Files (x86)\VERSES6.WCM
2005-02-16 11:03 - 2005-02-16 11:03 - 0006116 _____ () C:\Program Files (x86)\verses9.wcm
2005-03-23 15:39 - 2005-03-23 15:39 - 0032256 _____ () C:\Program Files (x86)\versesXP.dot
2011-11-03 08:34 - 2011-11-03 08:34 - 0516096 _____ () C:\Program Files (x86)\VSWIN.exe
2005-02-18 16:35 - 2005-02-18 16:35 - 0000692 _____ () C:\Program Files (x86)\vswin.exe.manifest
2002-08-22 14:03 - 2002-08-22 14:03 - 0200757 _____ (Business Resource Software, Inc.) C:\Program Files (x86)\webupdate.exe
2002-05-14 09:17 - 2002-05-14 09:17 - 0184375 _____ (Business Resource Software, Inc.) C:\Program Files (x86)\webupdate2.exe
2000-10-26 13:52 - 2000-10-26 13:52 - 0004096 _____ () C:\Program Files (x86)\wpid.dlf
2009-01-07 16:44 - 2009-01-07 16:44 - 0000068 _____ () C:\Program Files (x86)\wuid.dlf
2015-07-18 16:20 - 2015-07-18 16:20 - 0000132 _____ () C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-01-19 09:32 - 2013-01-19 09:36 - 0016952 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\1eaadjc.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0018724 ____T () C:\Users\Alex\AppData\Roaming\Microsoft\bass.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0014392 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\kfgresk.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0013984 ____T () C:\Users\Alex\AppData\Roaming\Microsoft\mjcriu.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0010808 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\peaadje.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0026200 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\Alex\AppData\Roaming\Microsoft\qwadjb.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0015416 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\rsaadjd.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0098360 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\~DFK1a266dd8.tmp
2012-08-21 20:51 - 2012-08-21 20:51 - 0003584 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-02 21:43 - 2013-06-29 07:42 - 0007605 _____ () C:\Users\Alex\AppData\Local\resmon.resmoncfg
2011-04-28 09:53 - 2011-08-07 09:15 - 0015700 _____ () C:\ProgramData\ArcadeDeluxe5.log
2016-10-01 10:51 - 2012-09-06 11:06 - 0126976 _____ (Thesycon GmbH) C:\ProgramData\CNED978.tmp

Some files in TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Alex\AppData\Local\Temp\_is7007.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-05 00:44

==================== End of FRST.txt ============================

 

Attached File  Addition 1.txt   67.38KB   1 downloads

 

[Made attachment appear. ~ OB]


Edited by Orange Blossom, 13 October 2016 - 10:59 AM.




#2 Aura


Posted 13 October 2016 - 12:54 PM

Hi swan36fc :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

You've indeed been infected with a fileless malware (Poweliks or one of its variants). This being said, we'll run a first FRST fix, followed by ESET Poweliks Cleaner to get rid of it. Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [**zvhcwhfhzv<*>] => "C:\Windows\system32\mshta.exe" javascript:R4QzUp="eUL9hOmi";W9I=new%20ActiveXObject("WScript.Shell");Tr8HWat="T";F6i8cm=W9I.RegRead("HKCU\\software\\rpts\\uyddzvkx");uQcAwyU8="Ze";eval(F6i8cm);obY1Bo (the data entry has 9 more characters). <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [**nsufv<*>] => "C:\Users\Alex\AppData\Local\7b50\77f1.lnk" <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {173e13cf-0089-11e2-b043-806e6f6e6963} - E:\unlock.exe autoplay=true
    HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {8ebb0b21-c064-11e0-bcb7-f80f411af283} - "E:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {f0f80b30-f0c0-11e1-8409-f80f411af283} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-1282236500-1533785801-392934604-1003\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8127.lnk [2016-10-11]
    
    GroupPolicyScripts-x32: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    URLSearchHook: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 - (No Name) - {6d474053-6aea-476f-af1a-840e7bbd0edb} - No File
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> DefaultScope {A13C856D-6924-42A2-9CDA-81376381E1E3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US662D20131009&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
    SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> {A13C856D-6924-42A2-9CDA-81376381E1E3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US662D20131009&p={SearchTerms}
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {6D474053-6AEA-476F-AF1A-840E7BBD0EDB} -  No File
    Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
    Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
    Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
    
    Task: {52DA0C48-B766-4A03-AAF5-E1F9E033FCFF} - System32\Tasks\{DC86C6AA-A263-4887-A5E9-2B90C66E5DD0} => pcalua.exe -a C:\Users\Alex\Downloads\VSE880LMLRP3\SetupVSE.Exe -d C:\Users\Alex\Downloads\VSE880LMLRP3
    Task: {F3C51FA4-A7C8-4D8E-AF9C-4CBD0ED09AE0} - \Digital Sites -> No File <==== ATTENTION
    
    AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0001.tif:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0002.tif:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0003.tif:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0004.tif:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0005.tif:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0006.tif:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\Michell A&M DB -Final 5:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\Michelle A&M DB Fall 2014:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\Michelle A&M Fall 2014 DVB -PPT images:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\Michelle DB 10-9-14:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\Michelle DB A&M:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Desktop\Michelle DB PPs:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Alex\Documents\Mike -AGH:com.dropbox.attributes [168]
    AlternateDataStreams: C:\ProgramData\Temp:7BEAD6C2 [390]
    AlternateDataStreams: C:\ProgramData\Temp:DD4DD9B9 [177]
    
    MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    
    FirewallRules: [{06E0CA61-B504-4B6F-8ECA-B4C743BB920C}] => (Allow) C:\Users\Alex\AppData\Local\Temp\nsg5E90.tmp\CnetInstaller-10598078.exe
    FirewallRules: [{2F2C5B20-653D-41A7-82C2-8423EF6EA166}] => (Allow) C:\Users\Alex\AppData\Local\Temp\nsg5E90.tmp\CnetInstaller-10598078.exe
    FirewallRules: [{B0390CAB-FB7B-4E3A-A44B-A7376248F8AE}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{1B1F6AFA-33CE-4EBE-9617-AB2DAC2F7219}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    
    C:\Program Files (x86)\AskPartnerNetwork
    C:\Program Files (x86)\pandasecuritytb
    C:\ProgramData\CNED978.tmp
    C:\Users\Alex\AppData\Local\7b50
    C:\Users\Alex\AppData\Local\0000000000000
    C:\Users\Alex\AppData\Roaming\10ac
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
For ESET Poweliks Cleaner, follow the steps 6 through 10 in the self-help guide below.

http://www.bleepingcomputer.com/virus-removal/remove-poweliks-trojan#eset_poweliks

Once done, copy/paste the content of the log that will be created on your desktop here so I can read it.

After running FRST and ESET Poweliks Cleaner and restarting your computer, does McAfee still detect a threat?

Your next reply(ies) should include:
  • Copy/pasted content of FRST's fixlog.txt;
  • Copy/pasted content of ESET Poweliks Cleaner's log;
  • Answer to my question about McAfee's behavior;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
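
The fixlist above targets a per-user Run value whose data starts mshta.exe with a javascript: URL that reads a second registry value and evaluates it, plus a Run value pointing at a .lnk under AppData. The following is an added example (not FRST's logic and not code from this thread) that triages FRST-style Run/RunOnce lines for those traits; the sample lines are constructed, and the rule wording and function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample, modelled on the FRST registry lines in this thread.
# The SID, value names and paths are placeholders; only the RunOnce line
# is copied from the posted log.
SAMPLE_LOG = r'''
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [123456 2016-01-01] (Example Corp)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-0-0-0-1001\...\Run: [**abcdef<*>] => "C:\Windows\system32\mshta.exe" javascript:a="x";s=new%20ActiveXObject("WScript.Shell");p=s.RegRead("HKCU\\software\\example\\value");eval(p);q (the data entry has 9 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-0-0-0-1001\...\Run: [**ghijk<*>] => "C:\Users\Example\AppData\Local\0a0a\0b0b.lnk" <===== ATTENTION (Value Name with invalid characters)
'''

# "<key>: [<value name>] => <data>", optionally followed by FRST's
# "<==== ATTENTION (note)" marker.
LINE_RE = re.compile(
    r'^(?P<key>HK[A-Z]{1,3}(?:-x32)?\\.*?\\(?:RunOnce|Run)): '
    r'\[(?P<name>.*?)\] => (?P<data>.*?)'
    r'(?:\s*<=+ ATTENTION(?: \((?P<note>[^)]*)\))?)?\s*$'
)

# A script-protocol URL inside an autorun command line.
SCRIPT_URL_RE = re.compile(r'\b(?:javascript|vbscript):', re.I)


class Finding(NamedTuple):
    key: str
    name: str
    reasons: List[str]


def parse_autorun(line: str) -> Optional[dict]:
    """Split one FRST Run/RunOnce line into key, name, data and note."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def classify(entry: dict) -> List[str]:
    """Return the reasons an autorun entry deserves a closer look."""
    data = entry["data"]
    lowered = data.lower()
    reasons = []
    if SCRIPT_URL_RE.search(data):
        reasons.append("script-protocol command line")
    if "regread(" in lowered and "eval(" in lowered:
        reasons.append("payload read from registry and evaluated")
    target = lowered.strip().strip('"')
    if target.endswith(".lnk") and "\\appdata\\" in target:
        reasons.append("shortcut under AppData")
    note = entry["note"] or ""
    if "invalid characters" in note.lower():
        reasons.append("value name with invalid characters")
    return reasons


def triage(lines) -> List[Finding]:
    """Parse every line and keep the entries that match at least one rule."""
    findings = []
    for line in lines:
        entry = parse_autorun(line)
        if entry is None:
            continue  # not a Run/RunOnce line
        reasons = classify(entry)
        if reasons:
            findings.append(Finding(entry["key"], entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding.key, finding.name, "; ".join(finding.reasons))
```
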


#3 swan36fc


Posted 13 October 2016 - 01:49 PM

Yoan,

 

Understood. Believe me, I am very grateful for your help.  Since McAfee recognized this trojan, my PC has remained off except to run FRST last night, and will remain off except when I run it again per your instructions.  I have no illegal or pirated software, so no problem there.  I should have the logs and answer concerning McAfee for you tomorrow morning. 

 

Thank you so much!

 

swan36fc



#4 swan36fc


Posted 13 October 2016 - 02:20 PM

Yoan,

 

I have read over everything carefully several times and I do have a question.  The instructions ask me to create a text file that I name 'fixlist' and paste the contents of the large box above into it. This file is not mentioned again and nothing indicates how or when it will be used.  Can you explain?  Is it for a later step?

 

Thanks!

swan36fc



#5 Aura


Posted 13 October 2016 - 02:25 PM

That file (fixlist.txt) will be used by FRST when you press on the "Fix" button, hence why you need to create it in the same location as the FRST executable :) After running the fix, the file (fixlist.txt) will disappear, and a new one called fixlog.txt will appear instead. And I'll need you to copy/paste the content of this file in your next reply.



#6 swan36fc


Posted 13 October 2016 - 02:42 PM

Aha :guitar:

 

So, by location you mean: on the desktop -along with the FRST executable, correct? 

Looking back at your instructions, it appears that fixlist.txt needs to be OPEN during the running of fix in FRST, correct?

 

Thanks!

swan36fc



#7 Aura


Posted 13 October 2016 - 02:46 PM

So, by location you mean: on the desktop -along with the FRST executable, correct?


Correct.

Looking back at your instructions, it appears that fixlist.txt needs to be OPEN during the running of fix in FRST, correct?


No, it needs to be closed. It isn't explicitly stated though. Usually, when someone asks you to create and save a file, you close it after because it's not needed anymore.



#8 swan36fc


Posted 13 October 2016 - 02:57 PM

OK, I'm all set.  Thanks again!



#9 swan36fc


Posted 14 October 2016 - 03:43 PM

Yoan,

 

OK, I have completed your suggested fixes.  When I ran the ESET cleaner, it didn't find Trojan-PoweLike!bat. So far, McAfee has not detected Trojan-PoweLike!bat either.  I am pasting the 2 logs below.

 

Thanks!!

swan36fc

 

...............................................................................................................................................................................................................................................

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Alex (14-10-2016 08:35:08) Run:2
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex & UpdatusUser)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [**zvhcwhfhzv<*>] => "C:\Windows\system32\mshta.exe" javascript:R4QzUp="eUL9hOmi";W9I=new%20ActiveXObject("WScript.Shell");Tr8HWat="T";F6i8cm=W9I.RegRead("HKCU\\software\\rpts\\uyddzvkx");uQcAwyU8="Ze";eval(F6i8cm);obY1Bo (the data entry has 9 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [**nsufv<*>] => "C:\Users\Alex\AppData\Local\7b50\77f1.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {173e13cf-0089-11e2-b043-806e6f6e6963} - E:\unlock.exe autoplay=true
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {8ebb0b21-c064-11e0-bcb7-f80f411af283} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\MountPoints2: {f0f80b30-f0c0-11e1-8409-f80f411af283} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8127.lnk [2016-10-11]

GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 - (No Name) - {6d474053-6aea-476f-af1a-840e7bbd0edb} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> DefaultScope {A13C856D-6924-42A2-9CDA-81376381E1E3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US662D20131009&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtC0A0FtBzztA0B0DyC0EtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtD0DtB0D0AyEyCtG0ByD0C0DtGyD0D0DzztGyE0EtCzztGtC0FyDyC0A0C0D0DyEtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0EtCtA0F0AyEtGtD0A0ByCtGzytC0ByCtGyC0CyEzztGyCtAtAyE0ByE0EzytAtCyEzz2Q&cr=169463379&ir=
SearchScopes: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> {A13C856D-6924-42A2-9CDA-81376381E1E3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US662D20131009&p={SearchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {6D474053-6AEA-476F-AF1A-840E7BBD0EDB} -  No File
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File

Task: {52DA0C48-B766-4A03-AAF5-E1F9E033FCFF} - System32\Tasks\{DC86C6AA-A263-4887-A5E9-2B90C66E5DD0} => pcalua.exe -a C:\Users\Alex\Downloads\VSE880LMLRP3\SetupVSE.Exe -d C:\Users\Alex\Downloads\VSE880LMLRP3
Task: {F3C51FA4-A7C8-4D8E-AF9C-4CBD0ED09AE0} - \Digital Sites -> No File <==== ATTENTION

AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0001.tif:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0002.tif:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0003.tif:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0004.tif:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0005.tif:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\IMG_20160718_0006.tif:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\Michell A&M DB -Final 5:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\Michelle A&M DB Fall 2014:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\Michelle A&M Fall 2014 DVB -PPT images:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\Michelle DB 10-9-14:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\Michelle DB A&M:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Desktop\Michelle DB PPs:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Alex\Documents\Mike -AGH:com.dropbox.attributes [168]
AlternateDataStreams: C:\ProgramData\Temp:7BEAD6C2 [390]
AlternateDataStreams: C:\ProgramData\Temp:DD4DD9B9 [177]

MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

FirewallRules: [{06E0CA61-B504-4B6F-8ECA-B4C743BB920C}] => (Allow) C:\Users\Alex\AppData\Local\Temp\nsg5E90.tmp\CnetInstaller-10598078.exe
FirewallRules: [{2F2C5B20-653D-41A7-82C2-8423EF6EA166}] => (Allow) C:\Users\Alex\AppData\Local\Temp\nsg5E90.tmp\CnetInstaller-10598078.exe
FirewallRules: [{B0390CAB-FB7B-4E3A-A44B-A7376248F8AE}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{1B1F6AFA-33CE-4EBE-9617-AB2DAC2F7219}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe

C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\pandasecuritytb
C:\ProgramData\CNED978.tmp
C:\Users\Alex\AppData\Local\7b50
C:\Users\Alex\AppData\Local\0000000000000
C:\Users\Alex\AppData\Roaming\10ac

EmptyTemp:
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**zvhcwhfhzv<*> => value removed successfully
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**nsufv<*> => value removed successfully
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{173e13cf-0089-11e2-b043-806e6f6e6963} => key not found.
HKCR\CLSID\{173e13cf-0089-11e2-b043-806e6f6e6963} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ebb0b21-c064-11e0-bcb7-f80f411af283} => key not found.
HKCR\CLSID\{8ebb0b21-c064-11e0-bcb7-f80f411af283} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0f80b30-f0c0-11e1-8409-f80f411af283} => key not found.
HKCR\CLSID\{f0f80b30-f0c0-11e1-8409-f80f411af283} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value not found.
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8127.lnk => not found.
"C:\Windows\SysWOW64\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d474053-6aea-476f-af1a-840e7bbd0edb} => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A13C856D-6924-42A2-9CDA-81376381E1E3} => key not found.
HKCR\CLSID\{A13C856D-6924-42A2-9CDA-81376381E1E3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found.
HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6D474053-6AEA-476F-AF1A-840E7BBD0EDB} => value not found.
HKCR\CLSID\{6D474053-6AEA-476F-AF1A-840E7BBD0EDB} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => value not found.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} => value not found.
HKCR\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} => key not found.
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value not found.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52DA0C48-B766-4A03-AAF5-E1F9E033FCFF} => key not found.
C:\Windows\System32\Tasks\{DC86C6AA-A263-4887-A5E9-2B90C66E5DD0} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DC86C6AA-A263-4887-A5E9-2B90C66E5DD0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3C51FA4-A7C8-4D8E-AF9C-4CBD0ED09AE0} => key not found.

 

..................................................................................................................................................................................................................................................................................

 

[2016.10.14 15:15:53.940] - Begin
[2016.10.14 15:15:53.955] -
[2016.10.14 15:15:53.955] -     ....................................
[2016.10.14 15:15:53.955] -   ..::::::::::::::::::....................
[2016.10.14 15:15:53.955] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2016.10.14 15:15:53.955] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.5
[2016.10.14 15:15:53.955] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Jun 30 2015
[2016.10.14 15:15:53.955] -  .::EE:::::::::::::SS:.EE..........TT......
[2016.10.14 15:15:53.955] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2016.10.14 15:15:53.955] -   ..::::::::::::::::::....................    1992-2015. All rights reserved.
[2016.10.14 15:15:53.955] -     ....................................
[2016.10.14 15:15:53.955] -
[2016.10.14 15:15:53.955] - --------------------------------------------------------------------------------
[2016.10.14 15:15:53.971] -
[2016.10.14 15:15:53.971] - INFO: OS: 6.1.7601 SP1
[2016.10.14 15:15:53.971] - INFO: Product Type: Workstation
[2016.10.14 15:15:53.971] - INFO: WoW64: True
[2016.10.14 15:15:53.971] - INFO: Machine guid: 7AD8EC96-DA38-46AB-A2E6-C9F65E0EE990
[2016.10.14 15:15:53.971] -
[2016.10.14 15:15:53.971] - INFO: Scanning for system infection...
[2016.10.14 15:15:53.971] - --------------------------------------------------------------------------------
[2016.10.14 15:15:53.971] -
[2016.10.14 15:15:53.971] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2016.10.14 15:15:53.971] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2016.10.14 15:15:53.971] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2016.10.14 15:15:53.971] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2016.10.14 15:15:53.971] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2016.10.14 15:15:53.971] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2016.10.14 15:15:53.971] - INFO: Processing classes...
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{18113A25-4A4A-3758-80F3-AE1764F6FD4D}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{6C91B92A-BF94-4F4F-BCC3-3AD60D040F29}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{ACF996F1-8EDE-4EED-8A44-7E0D912AE0E6}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{D39F2186-8F07-451F-A32A-25EC8912F1D7}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{E64C0B74-5118-4B04-BC2B-600E1E1D59A2}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{18113A25-4A4A-3758-80F3-AE1764F6FD4D}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{D39F2186-8F07-451F-A32A-25EC8912F1D7}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
[2016.10.14 15:15:53.971] - INFO: Processing clsid [\Registry\User\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}]
[2016.10.14 15:15:53.971] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2016.10.14 15:15:53.971] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2016.10.14 15:15:53.971] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2016.10.14 15:15:53.971] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2016.10.14 15:15:53.971] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2016.10.14 15:15:53.971] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2016.10.14 15:15:53.971] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2016.10.14 15:15:53.971] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2016.10.14 15:15:53.971] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2016.10.14 15:15:53.971] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2016.10.14 15:15:53.971] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2016.10.14 15:15:53.971] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2016.10.14 15:15:53.971] - INFO: (XSW) Scanning for XSW variant...
[2016.10.14 15:15:53.971] - INFO: (XSW) Processing users subkeys...
[2016.10.14 15:15:53.971] - INFO: Win32/Poweliks not found
[2016.10.14 15:16:37.214] - End
 

 



#10 Aura


    Bleepin' Special Ops


  • Malware Response Team
  • 19,596 posts
  • Gender:Male
  • Local time:06:14 AM

Posted 14 October 2016 - 03:50 PM

Good :) Let's run Malwarebytes and EEK to make sure it's completely gone.

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run. The time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
And we'll grab a fresh set of FRST logs to check it ourselves.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
Your next reply(ies) should include:
  • Copy/pasted content of the Malwarebytes Anti-Malware clean log;
  • Copy/pasted content of Emsisoft Emergency Kit's clean log;
  • Copy/pasted content of FRST.txt;
  • Copy/pasted content of Addition.txt;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 swan36fc

  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:14 AM

Posted 14 October 2016 - 06:29 PM

Yoan,

 

OK, all done.  EEK didn't ask for a restart, BTW.  Logs below.

 

Thanks!!

 

..............................................................................................................................................................................................................................................................................

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/14/2016
Scan Time: 4:53 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.14.11
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361409
Time Elapsed: 13 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, Quarantined, [9c875d3c643663d38368e393e1216a96],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, Quarantined, [9c875d3c643663d38368e393e1216a96],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, Quarantined, [9c875d3c643663d38368e393e1216a96],
PUP.Optional.SelectionLinks, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{300BEC06-B743-4D19-86B9-11DC711D7FFB}, Quarantined, [c0632c6d2c6e3afc4c7f454d2bd704fc],
PUP.Optional.SelectionLinks, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{300BEC06-B743-4D19-86B9-11DC711D7FFB}, Quarantined, [c0632c6d2c6e3afc4c7f454d2bd704fc],
PUP.Optional.SelectionLinks, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{300BEC06-B743-4D19-86B9-11DC711D7FFB}, Quarantined, [c0632c6d2c6e3afc4c7f454d2bd704fc],
PUP.Optional.Iminent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [051e5a3fb5e557df9393147ca45ed828],
PUP.Optional.Iminent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [81a27f1a7426de580c1feca442c05da3],
PUP.Optional.InstallCore, HKU\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\InstallCore, Quarantined, [3fe44e4bcecc979fba4edfc8d42f7f81],
PUP.Optional.WeCare, HKU\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\wecarereminder, Quarantined, [51d27326d3c7cf67a97b895e5ca601ff],
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\64DD\SHELL\OPEN\COMMAND, Quarantined, [d0538910a8f26dc9704c8776897a629e],

Registry Values: 1
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\64dd\SHELL\OPEN\COMMAND, "C:\Windows\system32\mshta.exe" "javascript:YgwG5hb9="HExn";u73i=new ActiveXObject("WScript.Shell");zol6q="H";YlP0g=u73i.RegRead("HKCU\\software\\rpts\\uyddzvkx");Ary69NS="RSnOo0O1";eval(YlP0g);Rg5QbK="8ZpN7X";", Quarantined, [d0538910a8f26dc9704c8776897a629e]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.InfoAtoms, C:\Program Files (x86)\InfoAtoms, Quarantined, [80a3c1d8e3b748ee71864471e12127d9],
PUP.Optional.Iminent, C:\Program Files (x86)\IMinent Toolbar, Quarantined, [091af6a3069473c3d43df3d3e91917e9],

Files: 6
PUP.Optional.DownLoadAdmin, C:\Users\Alex\Downloads\cbsidlm-tr1_7-Active_Kill_Disk__Hard_Drive_Eraser-10073508.exe, Quarantined, [b07367322179a49210f9e2bd29d830d0],
PUP.Optional.InstallCore, C:\Users\Alex\Downloads\ZipExtractorSetup.exe, Quarantined, [75aeaeeb772338feef20e8af9d674cb4],
PUP.Optional.InstallCore, C:\Users\Alex\Downloads\adobe_flash_setup(1).exe, Quarantined, [ab787128f4a64ee8b03595a7bf42748c],
PUP.Optional.InstallCore, C:\Users\Alex\Downloads\adobe_flash_setup(2).exe, Quarantined, [c16219800c8e90a605e09d9f8e73b050],
PUP.Optional.InstallCore, C:\Users\Alex\Downloads\adobe_flash_setup.exe, Quarantined, [c3601e7b73275adc4c996ad244bd669a],
PUP.Optional.InstallCore, C:\Users\Alex\Downloads\install.exe, Quarantined, [8a99d1c8c4d6f442a3c3a3f3a163ac54],

Physical Sectors: 0
(No malicious items detected)


(end)

 

....................................................................................................................................................................................................................

 

Emsisoft Emergency Kit - Version 11.9
Quarantine log

Date    Source    Event    Detection    
10/14/2016 6:01:46 PM    C:\Program Files (x86)\Common Files\umbrella    Moved to quarantine    Application.AppInstall (A)    
10/14/2016 6:01:46 PM    C:\Users\Alex\AppData\Local\software    Moved to quarantine    Application.AppInstall (A)    
10/14/2016 6:01:46 PM    C:\Program Files (x86)\openit    Moved to quarantine    Application.AppInstall (A)    
10/14/2016 6:01:46 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Moved to quarantine    Setting.DisableTaskMgr (A)    
10/14/2016 6:01:46 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Moved to quarantine    Setting.DisableRegistryTools (A)    
10/14/2016 6:01:46 PM    Value: HKEY_USERS\S-1-5-21-1282236500-1533785801-392934604-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN    Moved to quarantine    Setting.NoRun (A)    
10/14/2016 6:01:45 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32    Moved to quarantine    Application.Win32.InstallExt (A)    
10/14/2016 6:01:45 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS    Moved to quarantine    Application.Win32.InstallExt (A)    
10/14/2016 6:01:45 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS    Moved to quarantine    Setting.NoFolderOptions (A)    
10/14/2016 6:01:45 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO    Moved to quarantine    Application.AdReg (A)    
10/14/2016 6:01:45 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1    Moved to quarantine    Application.AdReg (A)    
10/14/2016 6:01:45 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\INFOATOMS    Moved to quarantine    Application.InstallAd (A)    
10/14/2016 6:01:45 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHTHEWEBARP    Moved to quarantine    Application.InstallAd (A)    
10/14/2016 6:01:45 PM    C:\Users\Alex\Downloads\cbsidlm-cbsi134-MS_Works_Converter-SEO-10424236.exe    Moved to quarantine    Application.InstallAd (A)    
10/14/2016 6:01:44 PM    C:\Users\Alex\Downloads\shoutoffsetup.exe    Moved to quarantine    Application.Toolbar (A)    
 

.....................................................................................................................................................................................................................................................................................................................................

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by Alex (administrator) on ALEX-PC (14-10-2016 18:08:15)
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex & UpdatusUser (Available Profiles: Alex & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [iRiver Updater] => \Updater.exe [212992 2004-07-01] (Moodlogic)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-12] (Creative Technology Ltd)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [Dropbox Update] => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CA Panel Autostart.lnk [2016-10-01]
ShortcutTarget: CA Panel Autostart.lnk -> C:\Program Files\Cambridge Audio\USB Audio 2 Driver\cpl.exe ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{3580D70A-C806-4F28-902C-DAE39CDB2602}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20161010220631.dll [2016-10-10] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20161010220632.dll [2016-10-10] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1282236500-1533785801-392934604-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: sse0r1b1.default-1395320717338
FF ProfilePath: C:\Users\Alex\AppData\Roaming\MP3-Xtreme\Profiles\s552zv9g.default [2016-03-16]
FF Extension: (Artwork Extras) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\albumart@songbirdnest.com [2012-02-23] [not signed]
FF Extension: (Chromibird) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\cb@cb [2012-02-23] [not signed]
FF Extension: (Search) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\extendedlibrary@mp3x [2012-02-23] [not signed]
FF Extension: (Video Downloader) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\ft@ft [2012-02-23] [not signed]
FF Extension: (gonzo) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\gonzo@songbirdnest.com [2012-02-23] [not signed]
FF Extension: (Purple Rain) - C:\Program Files (x86)\MP3-Xtreme 5.0\extensions\purplerain@songbirdnest.com [2012-02-23] [not signed]
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sse0r1b1.default-1395320717338 [2016-10-14]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\sse0r1b1.default-1395320717338 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\sse0r1b1.default-1395320717338 -> Google
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2016-10-10] [not signed]
FF HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-11-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1282236500-1533785801-392934604-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2016-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-04] (Microsoft Corporation)
S2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2016-10-10] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-08-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2016-10-10] (McAfee, Inc.)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 causbaudio; C:\Windows\System32\DRIVERS\causbaudio_x64.sys [251296 2016-10-01] ()
S3 causbaudioks; C:\Windows\System32\DRIVERS\causbaudioks_x64.sys [52640 2016-10-01] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2016-10-11] ()
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2016-10-10] (McAfee, Inc.)
S3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2016-10-10] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2016-10-10] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2016-10-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2016-10-10] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2016-10-10] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2016-10-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2016-10-10] (McAfee, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-14 18:08 - 2016-10-14 18:08 - 00021221 _____ C:\Users\Alex\Desktop\FRST.txt
2016-10-14 17:27 - 2016-10-14 18:06 - 00000000 ____D C:\EEK
2016-10-14 16:39 - 2016-10-14 16:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-14 16:39 - 2016-10-14 16:39 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-14 16:39 - 2016-10-14 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-14 16:39 - 2016-10-14 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-14 16:39 - 2016-10-14 16:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-14 16:39 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-14 16:39 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-14 16:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-14 16:31 - 2016-10-14 16:31 - 00000000 ____D C:\Users\Alex\Desktop\Misc pics
2016-10-14 16:29 - 2016-10-14 16:32 - 00000000 ____D C:\Users\Alex\Desktop\Trojan misc
2016-10-14 16:29 - 2016-10-14 16:32 - 00000000 ____D C:\Users\Alex\Desktop\Michelle unsorted
2016-10-14 16:27 - 2016-10-14 16:30 - 00000000 ____D C:\Users\Alex\Desktop\Misc images
2016-10-14 16:13 - 2016-10-14 16:24 - 265811992 _____ C:\Users\Alex\Desktop\EmsisoftEmergencyKit.exe
2016-10-14 16:12 - 2016-10-14 16:13 - 22851472 _____ (Malwarebytes ) C:\Users\Alex\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-13 21:08 - 2016-10-13 21:08 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-13 20:14 - 2016-10-13 13:40 - 00224968 _____ (ESET) C:\Users\Alex\Desktop\ESETPoweliksCleaner.exe
2016-10-11 18:49 - 2016-10-11 18:49 - 00003352 ____N C:\bootsqm.dat
2016-10-11 18:48 - 2016-10-11 18:48 - 00000000 __SHD C:\found.000
2016-10-11 18:25 - 2016-10-14 18:08 - 00000000 ____D C:\FRST
2016-10-11 18:24 - 2016-10-13 20:17 - 02406912 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2016-10-11 07:22 - 2016-10-11 07:22 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-10-11 07:15 - 2016-10-11 07:15 - 00050988 _____ C:\Windows\system32\.crusader
2016-10-11 06:52 - 2016-10-11 07:20 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-11 06:51 - 2016-10-11 06:52 - 11579432 _____ (SurfRight B.V.) C:\Users\Alex\Downloads\hitmanpro_x64.exe
2016-10-10 22:15 - 2016-10-13 20:16 - 00000000 ____D C:\QUARANTINE
2016-10-10 22:06 - 2016-10-10 22:04 - 00875928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00496888 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00412440 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaack.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00347800 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00122928 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2016-10-10 22:06 - 2016-10-10 22:04 - 00114880 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00066080 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeplk.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00064416 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaacsk.sys
2016-10-10 22:06 - 2016-10-10 22:04 - 00052688 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2016-10-10 22:06 - 2016-10-10 22:03 - 00094600 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2016-10-10 22:06 - 2016-10-10 22:03 - 00025088 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2016-10-10 22:04 - 2016-10-10 22:04 - 00344704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2016-10-10 22:04 - 2016-10-10 22:04 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-10-10 22:04 - 2016-10-10 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-10-10 21:59 - 2016-10-10 21:59 - 00000000 ____D C:\Users\Alex\Downloads\VSE880LMLRP6
2016-10-10 21:51 - 2016-10-10 21:53 - 45738925 _____ C:\Users\Alex\Downloads\VSE880LMLRP6.zip
2016-10-08 20:03 - 2016-10-08 20:03 - 01362227 _____ C:\nanosigs_1_20161008_082433.xml
2016-10-08 20:03 - 2016-10-08 20:03 - 00000734 _____ C:\catalog.xml
2016-10-01 10:42 - 2016-10-01 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cambridge Audio
2016-10-01 10:42 - 2016-10-01 10:42 - 00000000 ____D C:\Program Files\Cambridge Audio
2016-10-01 10:42 - 2016-10-01 10:34 - 00251296 _____ () C:\Windows\system32\Drivers\causbaudio_x64.sys
2016-10-01 10:42 - 2016-10-01 10:34 - 00052640 _____ () C:\Windows\system32\Drivers\causbaudioks_x64.sys
2016-10-01 10:33 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Alex\Downloads\usb2.0-driver-v1.67.0-1383042402
2016-10-01 10:33 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Alex\Desktop\USB2.0 driver v1.67.0
2016-10-01 09:14 - 2016-10-01 09:14 - 02874376 _____ C:\Users\Alex\Downloads\usb2.0-driver-v1.67.0-1383042402.zip
2016-10-01 08:42 - 2016-10-01 08:42 - 00000000 ____D C:\Users\Alex\Downloads\USB2.0 driver v3.26.0
2016-10-01 08:42 - 2016-10-01 08:42 - 00000000 ____D C:\Users\Alex\Desktop\USB2.0 driver v3.26.0
2016-10-01 08:41 - 2016-10-01 08:41 - 02238708 _____ C:\Users\Alex\Downloads\USB2.0 driver v3.26.0.zip
2016-09-29 21:41 - 2016-09-29 21:48 - 146496630 _____ C:\Users\Alex\Downloads\Kansas - The Prelude Implicit.zip
2016-09-29 21:32 - 2016-09-29 21:40 - 105716318 _____ C:\Users\Alex\Downloads\The Beatles - Live At The Hollywood Bowl (Remastered Deluxe).zip
2016-09-28 22:32 - 2016-10-10 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-20 17:16 - 2016-08-05 10:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-20 17:16 - 2016-08-05 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-14 16:52 - 2016-09-01 14:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-14 16:52 - 2016-09-01 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-14 16:52 - 2016-08-31 22:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-14 16:52 - 2016-08-31 22:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 16:52 - 2016-08-31 21:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-14 16:52 - 2016-08-31 21:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 16:52 - 2016-08-31 21:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-14 16:52 - 2016-08-31 21:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-14 16:52 - 2016-08-31 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-14 16:52 - 2016-08-31 21:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 16:52 - 2016-08-31 21:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-14 16:52 - 2016-08-31 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-14 16:52 - 2016-08-31 21:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-14 16:52 - 2016-08-31 21:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 16:52 - 2016-08-31 21:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-14 16:52 - 2016-08-31 21:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-14 16:52 - 2016-08-31 21:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-14 16:52 - 2016-08-31 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-14 16:52 - 2016-08-31 20:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-14 16:52 - 2016-08-31 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-14 16:52 - 2016-08-31 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-14 16:52 - 2016-08-31 20:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-14 16:52 - 2016-08-31 20:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-14 16:52 - 2016-08-31 20:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-14 16:52 - 2016-08-31 20:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 16:52 - 2016-08-31 20:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-14 16:52 - 2016-08-31 20:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-14 16:52 - 2016-08-31 20:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 16:52 - 2016-08-31 20:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 16:52 - 2016-08-31 19:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 16:52 - 2016-08-31 19:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 16:52 - 2016-08-31 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 16:52 - 2016-08-31 19:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-14 16:52 - 2016-08-31 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-14 16:52 - 2016-08-31 19:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 16:52 - 2016-08-31 19:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-14 16:52 - 2016-08-31 19:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 16:52 - 2016-08-31 19:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 16:52 - 2016-08-31 19:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-14 16:52 - 2016-08-31 19:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-14 16:52 - 2016-08-31 19:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-14 16:52 - 2016-08-31 19:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-14 16:52 - 2016-08-31 19:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-14 16:52 - 2016-08-31 19:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-14 16:52 - 2016-08-31 19:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-14 16:52 - 2016-08-31 19:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-14 16:52 - 2016-08-31 19:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 16:52 - 2016-08-31 19:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-14 16:52 - 2016-08-31 19:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 16:52 - 2016-08-31 19:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-14 16:52 - 2016-08-31 18:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-14 16:52 - 2016-08-31 18:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-14 16:52 - 2016-08-31 18:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-14 16:52 - 2016-08-31 18:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-14 16:52 - 2016-08-31 18:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-14 16:52 - 2016-08-31 18:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-14 16:52 - 2016-08-31 18:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-14 16:52 - 2016-08-31 18:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-14 16:52 - 2016-08-31 18:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-14 16:52 - 2016-08-31 18:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 16:52 - 2016-08-31 18:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-14 16:52 - 2016-08-31 18:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-14 16:52 - 2016-08-31 18:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 16:52 - 2016-08-31 18:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 16:52 - 2016-08-31 17:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 16:52 - 2016-08-31 17:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 16:52 - 2016-08-12 11:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 16:52 - 2016-08-12 11:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 16:52 - 2016-08-12 11:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 16:50 - 2016-09-02 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 16:50 - 2016-09-02 10:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 16:50 - 2016-09-02 10:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 16:50 - 2016-09-02 10:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 16:50 - 2016-09-02 10:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 16:50 - 2016-09-02 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 16:50 - 2016-09-02 10:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 16:50 - 2016-09-02 10:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 16:50 - 2016-09-02 10:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 10:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 16:50 - 2016-09-02 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 16:50 - 2016-09-02 10:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 16:50 - 2016-09-02 09:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 16:50 - 2016-09-02 09:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 16:50 - 2016-09-02 09:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 16:50 - 2016-09-02 09:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 16:50 - 2016-09-02 09:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 16:50 - 2016-09-02 09:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 16:50 - 2016-09-02 09:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 16:50 - 2016-09-02 09:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 16:50 - 2016-09-02 09:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 16:50 - 2016-09-02 09:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 16:50 - 2016-09-02 09:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 16:50 - 2016-09-02 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 16:50 - 2016-09-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 16:49 - 2016-09-02 10:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 16:49 - 2016-09-02 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 16:49 - 2016-09-02 10:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 16:49 - 2016-09-02 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 16:49 - 2016-09-02 09:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 16:49 - 2016-08-16 12:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 16:49 - 2016-08-15 21:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 16:49 - 2016-08-15 21:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 16:49 - 2016-08-06 10:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 16:49 - 2016-08-06 10:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-14 18:07 - 2013-06-18 20:56 - 00000000 ___RD C:\Users\Alex\Dropbox
2016-10-14 18:04 - 2015-01-31 20:37 - 00969464 _____ C:\Windows\ntbtlog.txt
2016-10-14 17:25 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-14 17:25 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-14 17:17 - 2011-08-05 21:41 - 00000000 ____D C:\ProgramData\clear.fi
2016-10-14 17:17 - 2011-08-05 21:34 - 00000000 ____D C:\Users\Alex\AppData\Local\Adobe
2016-10-14 17:17 - 2011-04-28 09:39 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-14 17:16 - 2014-02-08 13:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-14 17:16 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-14 17:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
2016-10-14 16:24 - 2011-08-12 21:47 - 00000000 ____D C:\Users\Alex\AppData\Roaming\foobar2000
2016-10-14 16:02 - 2015-06-16 17:51 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1282236500-1533785801-392934604-1001UA.job
2016-10-14 15:55 - 2012-03-29 19:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-14 15:41 - 2014-02-08 13:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-14 07:58 - 2013-06-18 20:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Dropbox
2016-10-14 07:58 - 2009-07-14 00:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-14 00:02 - 2015-06-16 17:51 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1282236500-1533785801-392934604-1001Core.job
2016-10-13 20:55 - 2012-03-29 19:14 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-13 20:55 - 2012-03-29 19:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-13 20:55 - 2012-02-27 07:56 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-13 20:55 - 2011-09-08 22:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-13 20:55 - 2011-04-13 04:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-13 20:35 - 2011-08-07 07:35 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Temp
2016-10-13 20:31 - 2014-03-20 21:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-13 20:25 - 2014-03-20 21:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-10-13 20:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-10-11 19:02 - 2011-08-06 12:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Audacity
2016-10-11 19:01 - 2011-04-28 09:53 - 00000000 ____D C:\ProgramData\Temp
2016-10-11 07:15 - 2011-08-06 19:01 - 00000000 ____D C:\Users\Alex\Documents\PC Files
2016-10-11 06:23 - 2016-05-01 13:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-11 06:22 - 2013-01-29 08:09 - 00009349 _____ C:\Windows\wininit.ini
2016-10-11 06:02 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-11 06:02 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-11 06:02 - 2009-07-13 23:45 - 00517744 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-11 06:01 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-10 22:08 - 2011-04-13 04:17 - 00000000 ____D C:\ProgramData\McAfee
2016-10-10 22:04 - 2011-04-13 04:17 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-10-10 22:02 - 2011-04-13 04:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-10-10 21:54 - 2011-08-05 21:34 - 00122488 _____ C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-10 21:50 - 2015-04-26 10:13 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2016-10-10 21:49 - 2015-04-26 10:11 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-10-10 21:49 - 2015-04-26 10:08 - 00000000 ____D C:\ProgramData\Panda Security
2016-10-10 21:47 - 2015-04-26 10:12 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Panda Security
2016-10-10 21:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-10-10 20:43 - 2015-04-26 10:13 - 00000000 ____D C:\ProgramData\panda_url_filtering
2016-10-07 12:24 - 2011-08-05 21:43 - 00000000 ____D C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2016-10-07 11:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-10-07 08:29 - 2012-10-14 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-04 19:13 - 2009-07-14 00:13 - 00006206 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-30 16:43 - 2014-02-08 13:50 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-30 14:24 - 2015-06-16 17:51 - 00000000 ____D C:\Users\Alex\AppData\Local\Dropbox
2016-09-29 21:30 - 2016-08-22 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2016-09-17 23:55 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-09-17 23:46 - 2011-08-07 05:43 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-17 13:11 - 2011-08-06 12:38 - 00000000 ____D C:\Program Files (x86)\Squeezebox
2016-09-16 08:13 - 2013-03-28 06:39 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

1995-06-23 16:41 - 1995-06-23 16:41 - 0001398 _____ () C:\Program Files (x86)\BIBLE.ICO
2005-03-29 16:25 - 2005-03-29 16:25 - 0389120 _____ () C:\Program Files (x86)\CLASSICS.EXE
2009-05-14 10:39 - 2009-05-14 10:39 - 0009400 _____ () C:\Program Files (x86)\COPYRITE.TXT
2006-09-19 15:40 - 2006-09-19 15:40 - 0186985 _____ () C:\Program Files (x86)\help.chm
2010-10-25 16:44 - 2010-10-25 16:44 - 0010307 _____ () C:\Program Files (x86)\JawsInstructions.doc
2010-10-22 09:03 - 2010-10-22 09:03 - 0007343 _____ () C:\Program Files (x86)\JawsInstructions.txt
2010-10-28 14:46 - 2010-10-28 14:46 - 0151552 _____ () C:\Program Files (x86)\JawsPlugin.exe
2011-10-01 15:52 - 2011-10-01 15:52 - 0184083 _____ () C:\Program Files (x86)\LABELS.TWP
2009-05-15 07:09 - 2009-05-15 07:09 - 0014484 _____ () C:\Program Files (x86)\License Agreement.rtf
2009-05-14 11:13 - 2009-05-14 11:13 - 3267072 _____ () C:\Program Files (x86)\Manual.doc
2010-04-05 10:50 - 2010-04-05 10:50 - 0467744 _____ () C:\Program Files (x86)\Manual.pdf
1999-10-11 09:21 - 1999-10-11 09:21 - 0000742 _____ () C:\Program Files (x86)\READINGS.NT
1999-10-11 09:21 - 1999-10-11 09:21 - 0000742 _____ () C:\Program Files (x86)\READINGS.OT
2005-02-18 11:44 - 2005-02-18 11:44 - 0483966 _____ () C:\Program Files (x86)\SERMON.BMP
2010-10-12 06:42 - 2010-10-12 06:42 - 0023040 _____ () C:\Program Files (x86)\Setting Up Verse Search To Work With Speech.doc
1999-10-11 09:22 - 1999-10-11 09:22 - 0153958 _____ () C:\Program Files (x86)\TIME.BMP
1998-04-13 05:28 - 1998-04-13 05:28 - 1790878 _____ () C:\Program Files (x86)\TIMELINE.BMP
1995-09-26 08:53 - 1995-09-26 08:53 - 0004331 _____ () C:\Program Files (x86)\VERSES.WCM
2005-02-16 11:03 - 2005-02-16 11:03 - 0006513 _____ () C:\Program Files (x86)\verses10.wcm
2003-02-07 16:42 - 2003-02-07 16:42 - 0006414 _____ () C:\Program Files (x86)\VERSES6.WCM
2005-02-16 11:03 - 2005-02-16 11:03 - 0006116 _____ () C:\Program Files (x86)\verses9.wcm
2005-03-23 15:39 - 2005-03-23 15:39 - 0032256 _____ () C:\Program Files (x86)\versesXP.dot
2011-11-03 08:34 - 2011-11-03 08:34 - 0516096 _____ () C:\Program Files (x86)\VSWIN.exe
2005-02-18 16:35 - 2005-02-18 16:35 - 0000692 _____ () C:\Program Files (x86)\vswin.exe.manifest
2002-08-22 14:03 - 2002-08-22 14:03 - 0200757 _____ (Business Resource Software, Inc.) C:\Program Files (x86)\webupdate.exe
2002-05-14 09:17 - 2002-05-14 09:17 - 0184375 _____ (Business Resource Software, Inc.) C:\Program Files (x86)\webupdate2.exe
2000-10-26 13:52 - 2000-10-26 13:52 - 0004096 _____ () C:\Program Files (x86)\wpid.dlf
2009-01-07 16:44 - 2009-01-07 16:44 - 0000068 _____ () C:\Program Files (x86)\wuid.dlf
2015-07-18 16:20 - 2015-07-18 16:20 - 0000132 _____ () C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-01-19 09:32 - 2013-01-19 09:36 - 0016952 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\1eaadjc.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0018724 ____T () C:\Users\Alex\AppData\Roaming\Microsoft\bass.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0014392 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\kfgresk.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0013984 ____T () C:\Users\Alex\AppData\Roaming\Microsoft\mjcriu.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0010808 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\peaadje.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0026200 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\Alex\AppData\Roaming\Microsoft\qwadjb.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0015416 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\rsaadjd.dll
2013-01-19 09:32 - 2013-01-19 09:36 - 0098360 ____T (Un4seen Developments) C:\Users\Alex\AppData\Roaming\Microsoft\~DFK1a266dd8.tmp
2012-08-21 20:51 - 2012-08-21 20:51 - 0003584 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-02 21:43 - 2013-06-29 07:42 - 0007605 _____ () C:\Users\Alex\AppData\Local\resmon.resmoncfg
2011-04-28 09:53 - 2011-08-07 09:15 - 0015700 _____ () C:\ProgramData\ArcadeDeluxe5.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-05 00:44

==================== End of FRST.txt ============================

 

................................................................................................................................................................................

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Alex (14-10-2016 18:09:05)
Running from C:\Users\Alex\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-06 02:34:48)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1282236500-1533785801-392934604-500 - Administrator - Disabled)
Alex (S-1-5-21-1282236500-1533785801-392934604-1001 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-1282236500-1533785801-392934604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1282236500-1533785801-392934604-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1282236500-1533785801-392934604-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ablebits.com Merge Tables Wizard for Microsoft Excel (HKLM-x32\...\{0B4DE455-5969-42A0-BF23-9C9AE7B14CBA}) (Version: 4.0.32 - Add-in Express Ltd.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.73 - Hulubulu Software)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.1.0 - Amazon Services LLC) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CA USB Audio 2 Driver v1.67.0 (HKLM-x32\...\CA USB Audio 2 Driver v1.67.0) (Version: 1.67.0 - Cambridge Audio)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG2200 series User Registration (HKLM-x32\...\Canon MG2200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.1720.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7713 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3009 - Acer Incorporated)
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Easy CD-DA Extractor 12 (HKLM-x32\...\Easy CD-DA Extractor 12) (Version: 12.0 - Poikosoft)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
EZ CD Audio Converter (32-bit) (HKLM-x32\...\EZ CD Audio Converter (32-bit)) (Version: 2.0.4 - Poikosoft)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Finale PrintMusic 2006 (HKLM-x32\...\Finale PrintMusic 2006) (Version:  - )
Finale PrintMusic 2011 (HKLM-x32\...\Finale PrintMusic 2011) (Version: 2011.a.r1.4 - MakeMusic)
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin City Navigator NorthAmerica NT 2013.30 Update (HKLM-x32\...\{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Ignite (HKLM-x32\...\{9A731246-E02E-44DC-940D-0F8110C1789D}) (Version: 1.2.1 - AIR Music Technology)
Ignite (x32 Version: 1.2.1 - AIR Music Technology) Hidden
iRiver Updater (HKLM-x32\...\MLUpdater) (Version:  - iRiver, Inc.)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manual CanoScan LiDE 60 (HKLM-x32\...\{23B72D50-1C7E-491C-8086-9E060051D316}) (Version:  - )
McAfee Agent (HKLM-x32\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)
MediaFACE 4.01 (HKLM-x32\...\InstallShield_{7E9E66D5-F9C4-4071-BB11-C87F4C3A6869}) (Version: 4.01 - Fellowes)
MediaFACE 4.01 (x32 Version: 4.01 - Fellowes) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4867.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MP3-Xtreme (HKLM-x32\...\{9382283C-FE06-4F21-BBF0-75999A3D73E9}) (Version: 5.0.12 - MP3-Xtreme)
MP3-Xtreme (HKLM-x32\...\{DD45680C-1F60-4C11-87F3-3C0DC9683CA2}) (Version: 6.3.9 - MP3-Xtreme)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.8 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
SlowGold (HKLM-x32\...\SlowGold) (Version:  - )
Spesoft ShoutOff 1.11 (HKLM-x32\...\Spesoft ShoutOff_is1) (Version:  - Spesoft)
StationRipper 2.98.4 (HKU\S-1-5-21-1282236500-1533785801-392934604-1001\...\StationRipper) (Version: 2.98.4 - Ratajik Software)
Stellarium 0.13.0 (HKLM-x32\...\Stellarium_is1) (Version: 0.13.0 - Stellarium team)
THE WORD Processor Family of Products (HKLM-x32\...\{4C6F51AD-561D-4C65-A40B-558B6E12A292}) (Version: 7.01.30 - Bible Research Systems)
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.3.57 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{D39F2186-8F07-451F-A32A-25EC8912F1D7}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Add-in Express\Merge Tables Wizard for Microsoft Excel\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1282236500-1533785801-392934604-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B23F4D6-CE87-48E3-9519-FB2BEACE04B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-28] (Microsoft Corporation)
Task: {0C442BAF-4E02-410D-A48E-024A168F90FD} - System32\Tasks\Western Digital\SmartWare\____Volume_5568d606_71a4_11e0_a410_806e6f6e6963______Volume_8ebb0b2d_c064_11e0_bcb7_f80f411af283__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe
Task: {12FACF93-E522-469E-AA2D-D5196A586502} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1282236500-1533785801-392934604-1001Core => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {1D37CA0A-8A76-4A41-B403-3FD01D4F8C21} - System32\Tasks\{1708A020-D035-4D89-8A37-FE0C57D5356E} => C:\Program Files (x86)\PCPitstop\Optimize\PCPOptimize.exe
Task: {2DAAD89F-DF09-4A4A-825A-4E3FCEF4DBF6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {302B9297-6515-4BD6-9F05-622EE5C6308B} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {3034A23D-2210-4730-8473-8174DAC40021} - System32\Tasks\{71A1DAD5-AE07-4EF3-9C9D-454E6DA5446A} => C:\Program Files (x86)\PCPitstop\Optimize\PCPOptimize.exe
Task: {306E89BD-EE3B-468A-B805-DB768514CEB9} - System32\Tasks\{E41CE514-654A-4A0E-8BBA-2873B7EDCF01} => C:\Program Files (x86)\Paint Shop Pro 6\Psp.exe
Task: {392E4BFB-8E0D-4950-AD0A-2CCAE41ADE6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-13] (Adobe Systems Incorporated)
Task: {3D52F19D-94B1-4703-B2AE-87F4D6F1EA92} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-28] (Microsoft Corporation)
Task: {5E9594DF-5847-4E43-9BAC-FAD2E2BE2BA2} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {65782088-3F90-4542-ABCC-BF54D76DD007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6EA0607B-780E-41FC-96D3-80B98E7ADC29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {AD08473E-D06F-4971-87F6-A2099CF95997} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {C06F1477-C163-4526-892D-8F5A214A25FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D3AFB8BB-20FA-4920-940F-987A0FB46A3B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {E8BF4C5D-2383-4F46-B74A-40F22FBEC7B2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1282236500-1533785801-392934604-1001UA => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {EDCB6BE7-11D2-40CB-9A47-2AE61D06389A} - System32\Tasks\AdobeAAMUpdater-1.0-Alex-PC-Alex => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1282236500-1533785801-392934604-1001Core.job => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1282236500-1533785801-392934604-1001UA.job => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-27 11:16 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Alex\Desktop\ESETPoweliksCleaner.exe:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-07-23 09:38 - 00453233 ____R C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1282236500-1533785801-392934604-1003\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: MediaFace Integration => C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C4234AE7-93A3-4D63-84D7-57DDB4DE8728}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A8D9FB9D-01A3-4300-8B02-5581AEB30CE3}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{70A0B316-8608-4C51-8F84-5B66C3D775FD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3AD5184C-B4FC-4A88-AB6D-734ED2712FD8}] => (Allow) LPort=2869
FirewallRules: [{B1D7CA4F-B6E0-43D0-853A-B21E4E9455F6}] => (Allow) LPort=1900
FirewallRules: [{7A714266-828A-451F-A3E3-C3C24FA9962C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{684B51C5-95E5-4CA5-A81A-BC73FA69DB72}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{05BA0B1E-8630-4939-8AC4-609A5F15DC12}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{87E74D9F-D4FC-4CDA-B2BB-BA5717AF868A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{9DAA19A1-2D39-485D-A267-0D646638C6A5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{2CD7A4BD-B5F5-4481-A77D-81BEA7281FBB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{98962055-47F6-4F03-998F-73BB181D0782}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BB4FA9CB-4BA0-4743-B809-C6EB7206238A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{432BD3D0-4FA8-4DD3-914B-979BE237D3E2}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [{AA2F5BF1-CE34-4512-A8AF-580EE7B6D50A}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [{C38A19C6-AF6C-443F-98C9-FE4119FBF5B0}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [{074670CF-8BD3-47DB-915A-694E26EC5169}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [{AADB173F-8808-4908-BD68-9632F4FD2B13}] => (Allow) C:\Program Files (x86)\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
FirewallRules: [{EF298B13-B371-49AE-8D90-CC6DBA74624A}] => (Allow) C:\Program Files (x86)\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
FirewallRules: [{B2CDF226-0FB9-424B-829D-91F1F2F1B87E}] => (Allow) C:\Program Files (x86)\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
FirewallRules: [{54BE1DEF-B3BB-471D-B5AD-40A3DA545D0B}] => (Allow) C:\Program Files (x86)\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
FirewallRules: [{85272930-A0F4-440D-9A61-1F6F526140B6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{CA151A18-38FF-49F9-AFA8-6A407E3E70EE}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{864F0DB0-5616-4BD7-A663-5191FB634D2F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4E41A01B-5211-4668-9E49-7523F657CFF2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DAD5A40C-2FCE-4FCC-A759-A86FB5D49BE6}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{975C0C8F-0FED-49B3-BE7E-598D42FA1BCA}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{89C4534D-BB40-48C9-A558-B20ECA1BBCD0}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [{5E28C87B-5328-4122-8588-2DBF8773FB65}] => (Allow) C:\Program Files (x86)\MP3-Xtreme 5.0\mp3-xtreme.exe
FirewallRules: [{4334C578-BAC4-4AA8-90DE-32D453DB79CB}] => (Allow) C:\Program Files (x86)\MP3-Xtreme 5.0\mp3-xtreme.exe
FirewallRules: [{9BA9D1D8-3C79-4066-8AAC-D4AE03B86733}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{6F353D5B-BA94-4B28-9D55-14BF8041417C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{D7036C18-355C-400A-80F3-63FFEFCDFFB4}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{6F7BBEF6-5D2F-4CFA-8E39-02A670E9F12A}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{49223C2E-9220-45FC-AA98-6A0F6C0644B7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{8CAD5D9E-BA74-4F05-B350-2C401897F3E4}] => (Allow) C:\Users\Alex\AppData\Roaming\MP3-Xtreme 6\mp3-xtreme.exe
FirewallRules: [{2DF37ABB-1935-41C3-BA66-60B82E1490CD}] => (Allow) C:\Users\Alex\AppData\Roaming\MP3-Xtreme 6\mp3-xtreme.exe
FirewallRules: [{41C87992-D720-4204-BFAA-D1AD8423E61A}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [{605E5E4B-DB1D-4637-9577-157236555017}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [TCP Query User{1DF1E809-AE38-4E85-AADA-8DF722A14B62}C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe] => (Allow) C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe
FirewallRules: [UDP Query User{BFC27FB5-A916-46D5-980F-3CF0040D9C27}C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe] => (Allow) C:\program files (x86)\ratajik software\stationripper\stationripperconsole.exe
FirewallRules: [TCP Query User{A2AF2DE1-3209-421B-88E2-C10C4E7B3A41}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [UDP Query User{A1F8C3D3-3D85-4ACD-A135-CC384A31F55F}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{3D5D2166-DBAB-4A67-A7CF-23077A7159D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1DB5DA7-CAB5-4A38-8D8B-D72E1A606928}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{70743D02-AD87-434B-B9BB-F31704627A5E}C:\program files\reaper (x64)\reamote.exe] => (Allow) C:\program files\reaper (x64)\reamote.exe
FirewallRules: [UDP Query User{FB207406-B0A8-445D-BDC2-729D4149DAAD}C:\program files\reaper (x64)\reamote.exe] => (Allow) C:\program files\reaper (x64)\reamote.exe
FirewallRules: [{537AED69-8547-4E3F-A0FE-7B0935879410}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9A9FAFDB-9376-45C1-8F5E-52996902B075}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A454167-9E9D-483B-99E1-7490F516962B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3802FFDB-E136-454E-ABC4-F2C7EDF26EE1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4A0D18C1-2FB7-476B-BE5C-EA9196B0612A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7416DECA-56BE-4656-97B6-8CAC9AAE5562}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{F4F2F47F-9879-4BE4-8282-94F42E2CBE29}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A59C12FE-459B-403F-876D-1F57A86317F9}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C6513BB1-0F34-45D8-B030-82D500AEF414}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB465DAF-13D7-40EA-9438-8383EBF2BE2A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{442B6040-FCF1-44DC-9BE5-7F72D2965F4E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E1472F6-D910-4B92-9E79-102E03DB022F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6FC959D-2193-4523-9D94-C4AAAE285870}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F7175666-87BA-4AE1-870D-675C30159B81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{862954C1-5284-4913-A658-39F23DB8A8BE}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{57A3561D-B174-4203-A648-6484A6B609B2}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{539F43AF-01BA-4708-95F9-144B52C72B1E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{82CECD96-8FDE-421A-B0E1-80274EAE1DAD}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
DomainProfile\GloballyOpenPorts: [9000:TCP] => Enabled:Logitech Media Server 9000 tcp (UI)
DomainProfile\GloballyOpenPorts: [9001:TCP] => Enabled:Logitech Media Server 9001 tcp (UI)
DomainProfile\GloballyOpenPorts: [9002:TCP] => Enabled:Logitech Media Server 9002 tcp (UI)
DomainProfile\GloballyOpenPorts: [9003:TCP] => Enabled:Logitech Media Server 9003 tcp (UI)
DomainProfile\GloballyOpenPorts: [9004:TCP] => Enabled:Logitech Media Server 9004 tcp (UI)
DomainProfile\GloballyOpenPorts: [9005:TCP] => Enabled:Logitech Media Server 9005 tcp (UI)
DomainProfile\GloballyOpenPorts: [9006:TCP] => Enabled:Logitech Media Server 9006 tcp (UI)
DomainProfile\GloballyOpenPorts: [9007:TCP] => Enabled:Logitech Media Server 9007 tcp (UI)
DomainProfile\GloballyOpenPorts: [9008:TCP] => Enabled:Logitech Media Server 9008 tcp (UI)
DomainProfile\GloballyOpenPorts: [9009:TCP] => Enabled:Logitech Media Server 9009 tcp (UI)
DomainProfile\GloballyOpenPorts: [9010:TCP] => Enabled:Logitech Media Server 9010 tcp (UI)
DomainProfile\GloballyOpenPorts: [9100:TCP] => Enabled:Logitech Media Server 9100 tcp (UI)
DomainProfile\GloballyOpenPorts: [8000:TCP] => Enabled:Logitech Media Server 8000 tcp (UI)
DomainProfile\GloballyOpenPorts: [10000:TCP] => Enabled:Logitech Media Server 10000 tcp (UI)
DomainProfile\GloballyOpenPorts: [9090:TCP] => Enabled:Logitech Media Server 9090 tcp (UI)
DomainProfile\GloballyOpenPorts: [3483:UDP] => Enabled:Logitech Media Server 3483 udp
DomainProfile\GloballyOpenPorts: [3483:TCP] => Enabled:Logitech Media Server 3483 tcp
StandardProfile\GloballyOpenPorts: [9000:TCP] => Enabled:Logitech Media Server 9000 tcp (UI)
StandardProfile\GloballyOpenPorts: [9001:TCP] => Enabled:Logitech Media Server 9001 tcp (UI)
StandardProfile\GloballyOpenPorts: [9002:TCP] => Enabled:Logitech Media Server 9002 tcp (UI)
StandardProfile\GloballyOpenPorts: [9003:TCP] => Enabled:Logitech Media Server 9003 tcp (UI)
StandardProfile\GloballyOpenPorts: [9004:TCP] => Enabled:Logitech Media Server 9004 tcp (UI)
StandardProfile\GloballyOpenPorts: [9005:TCP] => Enabled:Logitech Media Server 9005 tcp (UI)
StandardProfile\GloballyOpenPorts: [9006:TCP] => Enabled:Logitech Media Server 9006 tcp (UI)
StandardProfile\GloballyOpenPorts: [9007:TCP] => Enabled:Logitech Media Server 9007 tcp (UI)
StandardProfile\GloballyOpenPorts: [9008:TCP] => Enabled:Logitech Media Server 9008 tcp (UI)
StandardProfile\GloballyOpenPorts: [9009:TCP] => Enabled:Logitech Media Server 9009 tcp (UI)
StandardProfile\GloballyOpenPorts: [9010:TCP] => Enabled:Logitech Media Server 9010 tcp (UI)
StandardProfile\GloballyOpenPorts: [9100:TCP] => Enabled:Logitech Media Server 9100 tcp (UI)
StandardProfile\GloballyOpenPorts: [8000:TCP] => Enabled:Logitech Media Server 8000 tcp (UI)
StandardProfile\GloballyOpenPorts: [10000:TCP] => Enabled:Logitech Media Server 10000 tcp (UI)
StandardProfile\GloballyOpenPorts: [9090:TCP] => Enabled:Logitech Media Server 9090 tcp (UI)
StandardProfile\GloballyOpenPorts: [3483:UDP] => Enabled:Logitech Media Server 3483 udp
StandardProfile\GloballyOpenPorts: [3483:TCP] => Enabled:Logitech Media Server 3483 tcp

==================== Restore Points =========================

10-10-2016 22:02:40 Installed McAfee VirusScan Enterprise.
11-10-2016 05:58:56 Windows Update
11-10-2016 07:12:33 Checkpoint by HitmanPro
11-10-2016 07:14:33 Checkpoint by HitmanPro
11-10-2016 19:03:27 Windows Update
11-10-2016 21:10:42 Windows Update
13-10-2016 20:17:37 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2016 05:27:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 05:18:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 05:15:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (10/14/2016 04:50:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 04:43:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 04:39:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 03:19:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 03:14:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 02:46:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 08:33:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/14/2016 06:11:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:11:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:11:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:08:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:08:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:08:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:08:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:08:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:08:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 06:08:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2012-10-25 20:54:45.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\SETA122.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-25 20:54:45.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\SETA122.tmp because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ II X4 645 Processor
Percentage of memory in use: 20%
Total physical RAM: 3839.37 MB
Available physical RAM: 3058.57 MB
Total Virtual: 7676.92 MB
Available Virtual: 6972.02 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.84 GB) (Free:525.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 30B99EF2)
Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#12 Aura

Posted 14 October 2016 - 06:33 PM

Your logs look good :) Though since MBAM and EEK both detected a few PUPs, I would like you to run JRT and AdwCleaner to see if they can catch some remnants.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

How's your computer running now? No more warnings?

Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Answer to my question about your computer's current state;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 swan36fc


Posted 14 October 2016 - 06:34 PM

Oops, I didn't have fixlist.txt on the desktop, so I'll rerun FRST scan now.



#14 Aura


Posted 14 October 2016 - 06:35 PM

All good, there's no need to have a fixlist.txt when you run a simple FRST scan, only when you run a Fix and that's not what I asked you to do this time :) Please go on with the instructions in my previous post.



#15 swan36fc


Posted 14 October 2016 - 08:18 PM

Yoan,

OK, all done. Not seeing any messages, warnings, or detections by McAfee. Pasting logs below. Thanks!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Alex (Limited) on Fri 10/14/2016 at 19:53:19.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 68

Successfully deleted: C:\Users\Alex\AppData\Local\{008EB56F-D0C1-4A14-A3CA-2D08859E134B} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{0BD4C410-438C-44EA-98E1-9D44DD3EAE05} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{1105586B-7697-4228-8C59-E7D9F2934C2B} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{1736F99B-33B5-4996-A9DA-472A035529C7} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{1CD8032E-398A-4114-873B-492AC449D7D9} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{1F3CCF22-FF6F-4463-B473-EFC780B7DD32} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{25AE9994-9C6A-4335-BD2F-2CDA3A278638} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{2BCA28AA-3A59-433B-9142-5FE3E54834EA} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{312CFEE7-1807-4CA1-A096-1BA9E4F1FBF8} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{314BAF29-D9E6-4D37-A815-6B20E4C805B7} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{318AC202-7EAA-4D3F-B05E-95CD708F193A} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{31F0DEA0-F9D4-4974-90DA-89F1AFEA175B} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{397CA7BE-ABEF-4D14-B872-E2DA9EEA627F} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{3CD7812B-D198-4A9A-81F4-34BA442F73A3} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{3D29BA99-6D1A-4CDE-A180-44DE86C4F95F} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{3E1B688E-4204-4F50-9B27-F9F73F26A03A} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{3E93DD96-9D10-4124-A6E4-E0A35D0CA019} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{54FE69EC-DA16-40A5-9BA3-86464533AA39} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{5DB1F297-212B-493D-965E-AA5D23F4C2CF} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{60BD3820-1618-45FD-B7CF-2789F44D90AC} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{65BE1326-2A75-4DED-9490-FBFD9953CF6F} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{6AC0567F-429C-4AEB-A346-F1D5A7F43231} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{6B9A5649-E7E0-4168-B548-CAF5FB5E5ABE} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{6BAC97AB-6A6B-4244-9B07-7E83A4E496B8} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{6BD8CD71-C9F5-46A4-B735-34FA80CBC347} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{84223BEC-E818-4AF6-A61E-7CA714199820} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{8882968A-9776-47C0-8D3B-EA597C54D16E} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{8A0AB510-4F74-45DE-B174-F9D2467C7850} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{8A1BCA8A-915E-4734-B5DD-008079D8EA63} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{912F0E58-C1FF-4051-83D5-4F242802A511} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{9719A13F-48B5-40B1-B7F1-FDF2DC25E9DC} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{9C6F6020-A039-4AB5-A024-1EA4E14E20C7} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{A5529455-BA9F-4D28-BA21-604D361432A6} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{B099D906-9404-4031-B22D-F3BB669A8AF0} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{B0CAA402-DC72-4A41-A8CE-48718BCEB027} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{B449796A-8D0B-435C-974D-59C3259EF62E} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{B749CD3B-1C99-4ABB-B0F3-D0E039E32E1E} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{BC6AC5F9-36FF-4A89-90BC-082767D415BF} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{C2DFCE0A-1C97-4334-8D57-BBE4AB0C3E88} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{C4693C73-4796-40BD-95C9-3AB79704C320} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{C77D470B-92F4-4154-8EFE-A0D45CEE7558} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{C8C9E48B-08AA-4185-BF5E-141267C8F547} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{CBCCCD53-FE9E-44E3-A680-9972B44E8B93} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{D3CF8492-7495-4DF8-8834-476FCE0AD520} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{D4A3F7E8-2AF4-48C6-909C-ED7030C5FD3D} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{DD3CA3F5-0945-448F-ADC0-A0AB3F9D6340} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{F3069C9C-E6AA-4395-9CB8-6F32F2982C55} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{F6EF8ACC-8692-4033-9658-E58261F11836} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{FD92DFC1-721B-4EB1-914F-671809064D8F} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\{FF7AC36A-F9ED-45D1-8183-90E0C2B568EA} (Empty Folder)
Successfully deleted: C:\Windows\SysWOW64\conduitengine.tmp (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25B7FBHB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K9MP0DA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7IKYNDN1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4YN2BT1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0GWFC7A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV9ATI1F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQ0KM2GC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2AV0HE1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25B7FBHB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K9MP0DA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7IKYNDN1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4YN2BT1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0GWFC7A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV9ATI1F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQ0KM2GC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2AV0HE1 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/14/2016 at 19:55:07.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

.......................................................................................................................................................................

 

# AdwCleaner v6.021 - Logfile created 14/10/2016 at 20:07:30
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-14.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.com
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Value deleted: HKU\S-1-5-21-1282236500-1533785801-392934604-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\startnow.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\startnow.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com


***** [ Web browsers ] *****

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2905 Bytes] - [14/10/2016 20:07:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [3003 Bytes] - [14/10/2016 20:05:17]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3051 Bytes] ##########
 





