
Rkill: Missing Digital Signatures


  • This topic is locked
45 replies to this topic

#1 Purrington666


Posted 16 October 2016 - 06:12 AM

When I run RKill the subsequent report refers to "Missing Digital Signatures" [See Report Below]

Could someone clarify for me what this means?

Does it mean I am infected? Is there something I should do to restore these missing digital signatures?

Thank you for your assistance.

* No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * C:\windows\System32\drivers\usbuhci.sys : 30,720 : 03/24/2011 11:29 PM : 62069a34518bcf9c1fd9e74b3f6db7cd [NoSig]
 +-> C:\windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_c17f781c40b8b7eb\usbuhci.sys : 30,720 : 08/16/2016 04:40 PM : cfeaaf96e666e3dcbd8f6dff516784ae [Pos Repl]
 +-> C:\windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_d5d6e7e900318837\usbuhci.sys : 30,720 : 11/26/2013 09:41 PM : dd253afc3bc6cba412342de60c3647f3 [Pos Repl]
 +-> C:\windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_e2e6bd4da1573098\usbuhci.sys : 30,720 : 11/26/2013 09:42 PM : 2e682dce4319a90e02a327f8a427544a [Pos Repl]
 +-> C:\windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbuhci.sys : 30,720 : 07/13/2009 08:06 PM : 81fb2216d3a60d1284455d511797db3d [Pos Repl]
 +-> C:\windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbuhci.sys : 30,720 : 07/13/2009 08:06 PM : 81fb2216d3a60d1284455d511797db3d [Pos Repl]
 +-> C:\windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.18328_none_1be17b8a1a31cc37\usbuhci.sys : 30,720 : 11/26/2013 09:41 PM : dd253afc3bc6cba412342de60c3647f3 [Pos Repl]
 +-> C:\windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.22526_none_1c6919a73351367a\usbuhci.sys : 30,720 : 11/26/2013 09:42 PM : 2e682dce4319a90e02a327f8a427544a [Pos Repl]
 +-> C:\windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.23529_none_1c6c03bd334e9c20\usbuhci.sys : 30,720 : 08/16/2016 04:40 PM : cfeaaf96e666e3dcbd8f6dff516784ae [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 10/16/2016 06:56:41 AM
Execution time: 0 hours(s), 6 minute(s), and 22 seconds(s)
 




#2 Oh My!


  • Malware Response Instructor

Posted 20 October 2016 - 09:39 PM

Greetings Purrington666 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

That is a legitimate file. Are you experiencing any issues or just curious about that entry?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Purrington666


Posted 21 October 2016 - 03:26 AM

Gary:

Other than receiving the references to "Missing Digital Signatures" when running RKILL I cannot say that I am experiencing any issues that I could affirm are directly related to the "Missing Digital Signature."

Yesterday Malwarebytes caught a Trojan Virus, the first I have had in some time.

Last week my Facebook Account was hacked but I changed my Facebook Password and Facebook Security checked and confirmed I was free of the pesky hacker.

In general my laptop moves slowly when using my Chrome browser.

That said, I do not know that any of these are related to the "Missing Digital Signature."

To be perfectly honest I do not even know what a Digital Signature is.

Thank you,

Lewis



#4 Oh My!


  • Malware Response Instructor

Posted 21 October 2016 - 08:29 AM

Hi Lewis,

We should take a look at your system to see if any malware is present. Please do these things.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 

#5 Purrington666


Posted 21 October 2016 - 01:37 PM

Here is the information you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Lewis (administrator) on LEWIS-PC (21-10-2016 14:16:24)
Running from C:\Users\Lewis\Downloads
Loaded Profiles: Lewis (Available Profiles: Lewis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\windows\System32\dleacoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Run: [GoogleChromeAutoLaunch_3BAC32AADE80AF6F1FCA1E64FC802131] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [966760 2016-09-24] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-19] (AVAST Software)
BootExecute: 
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{512CBD2E-1A65-4C25-8CE4-61EBFB239161}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F14DFD07-90EC-4274-9560-CA914AC3CDF8}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000 -> DefaultScope {BF508C70-3010-42B4-ACE6-F6229AA0A678} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000 -> {BF508C70-3010-42B4-ACE6-F6229AA0A678} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-19] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-19] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-25]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-16] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default [2016-10-21]
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-10-08]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Adblock Plus) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-08]
CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-10-08]
CHR Extension: (Pinterest Save Button) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-10-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-10-08]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2016-10-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-08]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2016-10-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-08]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-08]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-05-14]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-24] (AVAST Software)
R2 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
R2 dlea_device; C:\windows\SysWOW64\dleacoms.exe [593920 2009-12-09] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-08-19] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-08-19] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-08-19] (AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-08-24] (AVAST Software)
R1 aswNetSec; C:\windows\system32\drivers\aswNetSec.sys [453192 2016-08-24] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-08-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-19] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-08-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 btmaux; C:\windows\System32\DRIVERS\btmaux.sys [153616 2016-04-11] (Motorola Solutions, Inc.)
S3 ebdrv; C:\windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 tap0901cn; C:\windows\System32\DRIVERS\tap0901cn.sys [39544 2015-07-29] (The OpenVPN Project)
U3 TrueSight; C:\windows\System32\drivers\TrueSight.sys [28272 2016-09-26] ()
S3 usbohci; C:\windows\system32\drivers\usbohci.sys [25600 2011-03-24] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\windows\system32\drivers\usbuhci.sys [30720 2011-03-24] (Microsoft Corporation) [File not signed]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-21 14:16 - 2016-10-21 14:16 - 00019032 _____ C:\Users\Lewis\Downloads\FRST.txt
2016-10-21 14:15 - 2016-10-21 14:15 - 00001134 _____ C:\Users\Lewis\Desktop\FRST64.exe - Shortcut.lnk
2016-10-21 14:14 - 2016-10-21 14:14 - 02407424 _____ (Farbar) C:\Users\Lewis\Downloads\FRST64.exe
2016-10-21 08:26 - 2016-10-21 08:28 - 00207700 ____C C:\TDSSKiller.3.1.0.11_21.10.2016_08.26.18_log.txt
2016-10-21 07:20 - 2016-10-21 07:24 - 00207268 ____C C:\TDSSKiller.3.1.0.11_21.10.2016_07.20.57_log.txt
2016-10-21 06:58 - 2016-10-21 06:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Lewis\Downloads\mbar-1.09.3.1001.exe
2016-10-21 06:56 - 2016-10-21 07:00 - 00207160 ____C C:\TDSSKiller.3.1.0.11_21.10.2016_06.56.41_log.txt
2016-10-21 06:45 - 2016-10-21 06:46 - 00207438 ____C C:\TDSSKiller.3.1.0.11_21.10.2016_06.45.27_log.txt
2016-10-21 06:35 - 2016-10-21 06:42 - 00615526 ____C C:\TDSSKiller.3.1.0.11_21.10.2016_06.35.50_log.txt
2016-10-19 18:34 - 2016-10-19 18:34 - 25611204 _____ C:\Users\Lewis\Desktop\Aniela Jaffe - The Myth of Meaning.pdf
2016-10-19 18:32 - 2016-10-19 18:34 - 25611204 _____ C:\Users\Lewis\Downloads\The Myth of Meaning in the work of Carl Jung, Aniela Jaffe.pdf
2016-10-19 18:21 - 2016-10-19 18:21 - 51965171 _____ C:\Users\Lewis\Desktop\Vol CW 9i, Archetypes and the Collective Unconscious.pdf
2016-10-19 18:18 - 2016-10-19 18:20 - 51965171 _____ C:\Users\Lewis\Downloads\Carl Jung, Vol 9-i, Archetypes and the Collective Ucs.pdf
2016-10-19 18:04 - 2016-10-19 18:06 - 03910208 _____ C:\Users\Lewis\Downloads\AdwCleaner.exe
2016-10-19 16:36 - 2016-10-19 16:42 - 00206872 ____C C:\TDSSKiller.3.1.0.11_19.10.2016_16.36.06_log.txt
2016-10-18 15:23 - 2016-10-18 15:23 - 00002276 _____ C:\Users\Lewis\Desktop\LAFONTAINE LEWIS 3-signed.pdf - Shortcut.lnk
2016-10-18 14:28 - 2016-10-18 09:26 - 01310362 _____ C:\Users\Lewis\Documents\LAFONTAINE LEWIS 3-signed.pdf
2016-10-16 06:44 - 2016-10-16 06:49 - 00206876 ____C C:\TDSSKiller.3.1.0.11_16.10.2016_06.44.50_log.txt
2016-10-15 04:41 - 2016-10-15 04:42 - 29249624 _____ (Tweaking.com) C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-10-15 04:36 - 2016-10-15 04:39 - 00796040 ____C C:\TDSSKiller.3.1.0.11_15.10.2016_04.36.53_log.txt
2016-10-15 04:32 - 2016-10-15 04:34 - 00004644 ____C C:\TDSSKiller.3.1.0.11_15.10.2016_04.32.54_log.txt
2016-10-12 06:08 - 2016-10-12 06:10 - 00207160 ____C C:\TDSSKiller.3.1.0.11_12.10.2016_06.08.07_log.txt
2016-10-11 21:52 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-10-11 21:52 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-10-11 21:22 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2016-10-11 21:22 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2016-10-11 21:22 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2016-10-11 21:22 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-10-11 21:21 - 2016-09-30 16:13 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-10-11 21:21 - 2016-09-30 15:28 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-10-11 21:21 - 2016-09-30 11:37 - 05548264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-10-11 21:21 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-10-11 21:21 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-10-11 21:21 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-10-11 21:21 - 2016-09-30 02:26 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-10-11 21:21 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-10-11 21:21 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-10-11 21:21 - 2016-09-30 02:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-10-11 21:21 - 2016-09-30 02:25 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-10-11 21:21 - 2016-09-30 02:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-10-11 21:21 - 2016-09-30 02:18 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-10-11 21:21 - 2016-09-30 02:17 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-10-11 21:21 - 2016-09-30 02:14 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-10-11 21:21 - 2016-09-30 02:13 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-10-11 21:21 - 2016-09-30 02:13 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-10-11 21:21 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-10-11 21:21 - 2016-09-30 02:12 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-10-11 21:21 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-10-11 21:21 - 2016-09-30 02:05 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-10-11 21:21 - 2016-09-30 02:02 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-10-11 21:21 - 2016-09-30 01:55 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-10-11 21:21 - 2016-09-30 01:54 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-10-11 21:21 - 2016-09-30 01:51 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-10-11 21:21 - 2016-09-30 01:50 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-10-11 21:21 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-10-11 21:21 - 2016-09-30 01:47 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-10-11 21:21 - 2016-09-30 01:46 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-10-11 21:21 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-10-11 21:21 - 2016-09-30 01:42 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-10-11 21:21 - 2016-09-30 01:42 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-10-11 21:21 - 2016-09-30 01:42 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-10-11 21:21 - 2016-09-30 01:41 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-10-11 21:21 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-10-11 21:21 - 2016-09-30 01:36 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-10-11 21:21 - 2016-09-30 01:35 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-10-11 21:21 - 2016-09-30 01:35 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-10-11 21:21 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-10-11 21:21 - 2016-09-30 01:33 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-10-11 21:21 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-10-11 21:21 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-10-11 21:21 - 2016-09-30 01:32 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-10-11 21:21 - 2016-09-30 01:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-10-11 21:21 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-10-11 21:21 - 2016-09-30 01:31 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-10-11 21:21 - 2016-09-30 01:24 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-10-11 21:21 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-10-11 21:21 - 2016-09-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-10-11 21:21 - 2016-09-30 01:19 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-11 21:21 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-10-11 21:21 - 2016-09-30 01:17 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-10-11 21:21 - 2016-09-30 01:15 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-10-11 21:21 - 2016-09-30 01:14 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-10-11 21:21 - 2016-09-30 01:13 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-10-11 21:21 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-10-11 21:21 - 2016-09-30 01:07 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-10-11 21:21 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-10-11 21:21 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-10-11 21:21 - 2016-09-30 01:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-10-11 21:21 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-10-11 21:21 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-10-11 21:21 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-10-11 21:21 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-10-11 21:21 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-10-11 21:21 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-10-11 21:21 - 2016-09-15 11:30 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-10-11 21:21 - 2016-09-15 11:30 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-10-11 21:21 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-10-11 21:21 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-10-11 21:21 - 2016-09-12 17:13 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-10-11 21:21 - 2016-09-12 17:13 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-10-11 21:21 - 2016-09-12 17:08 - 01465344 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\adsmsext.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-10-11 21:21 - 2016-09-12 17:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\adsmsext.dll
2016-10-11 21:21 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-10-11 21:21 - 2016-09-12 16:37 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-10-11 21:21 - 2016-09-12 16:32 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-10-11 21:21 - 2016-09-12 16:32 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-10-11 21:21 - 2016-09-12 16:32 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-10-11 21:21 - 2016-09-12 16:31 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-10-11 21:21 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-10-11 21:21 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-10-11 21:21 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-10-11 21:21 - 2016-09-10 12:19 - 03649536 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-10-11 21:21 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-10-11 21:21 - 2016-09-09 14:29 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-10-11 21:21 - 2016-09-09 14:26 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-10-11 21:21 - 2016-09-09 14:23 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-10-11 21:21 - 2016-09-09 14:20 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-10-11 21:21 - 2016-09-09 14:20 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-10-11 21:21 - 2016-09-09 14:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-10-11 21:21 - 2016-09-09 14:20 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-10-11 21:21 - 2016-09-09 14:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-10-11 21:21 - 2016-09-09 14:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-10-11 21:21 - 2016-09-09 14:20 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-10-11 21:21 - 2016-09-09 14:20 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-10-11 21:21 - 2016-09-09 14:01 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-10-11 21:21 - 2016-09-09 14:00 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-10-11 21:21 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-10-11 21:21 - 2016-09-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-10-11 21:21 - 2016-09-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-10-11 21:21 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2016-10-11 21:21 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2016-10-11 21:21 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2016-10-11 21:21 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2016-10-11 21:21 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-10-11 21:21 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2016-10-11 21:21 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2016-10-11 21:21 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-10-11 21:21 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-10-11 21:21 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-10-11 21:21 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-10-11 21:21 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-10-11 21:21 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-10-11 21:21 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-10-11 21:21 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-10-11 21:21 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-10-11 21:21 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-10-11 21:21 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2016-10-11 21:21 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-10-11 21:21 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2016-10-11 21:21 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-10-11 21:21 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-10-11 21:21 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\WsmRes.dll
2016-10-11 21:21 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\wsmplpxy.dll
2016-10-11 21:21 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-10-11 21:21 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-11 21:21 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-10-11 21:21 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-10-11 21:21 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmRes.dll
2016-10-11 21:21 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2016-10-11 21:21 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\wsmprovhost.exe
2016-10-11 21:21 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2016-10-11 21:21 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmprovhost.exe
2016-10-11 21:21 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmplpxy.dll
2016-10-11 21:21 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-10-11 21:21 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2016-10-11 21:21 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-10-11 21:21 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2016-10-11 21:21 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2016-10-11 21:21 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-10-11 21:21 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2016-10-11 21:21 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-10-11 21:21 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-10-11 21:21 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-10-11 21:21 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-10-11 21:21 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2016-10-11 21:21 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2016-10-11 21:20 - 2016-09-30 02:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-10-11 21:20 - 2016-09-30 02:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-10-11 21:20 - 2016-09-30 01:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-10-11 21:20 - 2016-09-12 17:08 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-10-11 21:20 - 2016-09-12 17:08 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-10-11 21:20 - 2016-09-12 17:08 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-10-11 21:20 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-10-11 21:20 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-10-11 21:20 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-10-11 21:20 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-10-11 21:20 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-10-11 21:20 - 2016-09-12 16:39 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-10-11 21:20 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-10-11 21:20 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 14:00 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-10-11 21:20 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-10-11 21:20 - 2016-09-09 14:00 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:51 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-10-11 21:20 - 2016-09-09 13:51 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-10-11 21:20 - 2016-09-09 13:51 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-10-11 21:20 - 2016-09-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-10-11 21:20 - 2016-09-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-10-11 21:20 - 2016-09-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-10-11 21:20 - 2016-09-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-10-11 21:20 - 2016-09-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-10-11 21:20 - 2016-09-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 21:20 - 2016-09-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-11 21:13 - 2016-09-12 17:17 - 00077032 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-10-11 21:13 - 2016-09-12 17:08 - 01226752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-10-11 21:13 - 2016-09-09 11:54 - 01629184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-10-11 21:13 - 2016-09-09 11:54 - 00586752 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-10-11 21:13 - 2016-09-09 11:54 - 00575488 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-10-11 21:13 - 2016-09-09 11:54 - 00314368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-10-11 21:13 - 2016-09-09 11:54 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-10-11 21:13 - 2016-09-09 11:54 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-10-11 21:13 - 2016-09-09 11:54 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-10-11 21:13 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-10-11 21:13 - 2016-08-29 11:31 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-10-11 21:13 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-10-11 21:13 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-10-11 21:13 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-10-11 21:13 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-10-11 21:13 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-10-11 21:13 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-10-11 18:36 - 2016-10-11 18:36 - 00000000 __SHD C:\found.001
2016-10-11 16:49 - 2016-10-11 16:52 - 00207160 ____C C:\TDSSKiller.3.1.0.11_11.10.2016_16.49.56_log.txt
2016-10-10 18:36 - 2016-10-10 18:39 - 00207166 ____C C:\TDSSKiller.3.1.0.11_10.10.2016_18.36.50_log.txt
2016-10-06 07:03 - 2016-10-06 07:06 - 00007026 _____ C:\Users\Lewis\Documents\starburn.txt
2016-10-06 07:03 - 2016-10-06 07:03 - 00000000 ____D C:\ProgramData\Wondershare
2016-10-06 07:01 - 2016-10-06 07:01 - 00000000 ____D C:\Users\Lewis\AppData\Local\Wondershare
2016-10-06 06:55 - 2016-10-06 07:00 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-09-26 11:39 - 2016-09-26 12:31 - 00000000 ____D C:\Program Files\RogueKiller
2016-09-23 07:27 - 2016-09-23 07:31 - 00000000 ____D C:\Program Files (x86)\SlimComputer
2016-09-23 04:07 - 2016-09-23 04:07 - 00000000 ____D C:\Users\Lewis\AppData\Local\Brice_Lambson
2016-09-23 04:06 - 2016-09-23 04:06 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2016-09-23 04:02 - 2016-09-23 04:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2016-09-23 04:02 - 2016-09-23 04:06 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2016-09-22 18:29 - 2016-09-22 18:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-09-22 16:58 - 2016-09-22 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-09-22 16:53 - 2016-09-22 17:26 - 00000000 ____D C:\windows\SHELLNEW
2016-09-22 16:53 - 2016-09-22 16:53 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-22 16:53 - 2016-09-22 16:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-09-22 16:52 - 2016-09-22 16:52 - 00000000 _RHDC C:\MSOCache
2016-09-22 15:15 - 2016-09-22 16:44 - 987942848 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\Office_HS_2010_English_x32.exe
2016-09-22 13:23 - 2016-09-22 14:06 - 1131295672 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\Office_HS_2010_English_x64.exe
2016-09-22 10:39 - 2016-09-22 10:39 - 00038418 _____ C:\Users\Lewis\AppData\Roaming\Comma Separated Values.ADR
2016-09-22 10:14 - 2016-09-22 10:14 - 00003230 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task
2016-09-22 10:12 - 2016-09-22 10:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Skype
2016-09-21 03:42 - 2016-08-05 11:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-09-21 03:42 - 2016-08-05 11:13 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-21 14:16 - 2016-01-22 06:54 - 00000000 ___DC C:\FRST
2016-10-21 14:16 - 2015-12-05 20:55 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files
2016-10-21 14:11 - 2016-02-01 23:52 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d6d12d92112.job
2016-10-21 14:03 - 2009-07-14 00:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-21 14:03 - 2009-07-14 00:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-21 13:59 - 2009-07-14 01:13 - 00776420 _____ C:\windows\system32\PerfStringBackup.INI
2016-10-21 13:59 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-10-21 13:55 - 2015-12-05 17:04 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-21 13:54 - 2016-02-01 23:52 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d6d11b86a98.job
2016-10-21 13:53 - 2015-12-05 17:02 - 00000422 _____ C:\windows\Tasks\SystemToolsDailyTest.job
2016-10-21 13:53 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-10-21 13:49 - 2015-12-06 12:20 - 00003488 _____ C:\windows\System32\Tasks\PCDEventLauncher
2016-10-21 13:48 - 2015-12-05 17:02 - 00003448 _____ C:\windows\System32\Tasks\SystemToolsDailyTest
2016-10-21 08:57 - 2015-12-05 16:57 - 00112320 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-21 08:54 - 2009-07-14 00:45 - 00435752 _____ C:\windows\system32\FNTCACHE.DAT
2016-10-21 08:51 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini
2016-10-21 08:48 - 2011-11-16 15:25 - 00776420 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-10-21 08:30 - 2015-12-06 18:50 - 05966808 _____ C:\windows\ntbtlog.txt
2016-10-21 08:24 - 2016-03-24 09:28 - 00000000 ____D C:\Users\Lewis\Desktop\mbar
2016-10-21 08:24 - 2016-02-08 14:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-10-21 07:54 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-10-21 06:38 - 2016-03-24 08:46 - 00000000 ___DC C:\TDSSKiller_Quarantine
2016-10-21 06:35 - 2016-01-21 11:53 - 00000000 ___DC C:\AdwCleaner
2016-10-21 03:24 - 2015-12-07 05:56 - 00000000 ___RD C:\Users\Lewis\Google Drive
2016-10-20 13:41 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp
2016-10-20 07:31 - 2016-06-11 16:25 - 59169509 _____ C:\Users\Lewis\Desktop\Carl Jung - Collected Letters Volumes 1 and 2.pdf
2016-10-18 15:21 - 2016-05-04 11:48 - 00000000 ____D C:\ProgramData\dl_Cats
2016-10-18 07:29 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_57
2016-10-16 13:21 - 2016-01-09 17:03 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-10-16 13:21 - 2012-01-05 01:10 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-16 13:20 - 2012-01-05 01:10 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-10-16 13:20 - 2012-01-05 01:10 - 00000000 ____D C:\windows\system32\Macromed
2016-10-16 07:57 - 2016-03-15 11:10 - 00000000 ____D C:\Users\Lewis\Documents\Calibre Library
2016-10-15 04:45 - 2015-12-06 18:30 - 10829177 _____ C:\windows\Tweaking.com - Windows Repair Setup Log.txt
2016-10-15 04:43 - 2016-07-19 06:01 - 00003654 _____ C:\windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-10-13 06:42 - 2016-02-23 06:37 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-10-12 06:41 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_558
2016-10-12 04:58 - 2016-09-11 20:15 - 00000000 ___RD C:\Users\Lewis\OneDrive
2016-10-12 00:19 - 2015-12-06 09:49 - 00000000 ___SD C:\windows\system32\CompatTel
2016-10-12 00:19 - 2015-12-06 09:49 - 00000000 ____D C:\windows\system32\appraiser
2016-10-12 00:19 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-10-12 00:19 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism
2016-10-12 00:10 - 2015-12-06 16:45 - 00000000 ____D C:\windows\system32\MRT
2016-10-11 23:53 - 2015-12-06 16:44 - 143495576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-10-11 23:44 - 2015-12-06 09:49 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-10-09 06:33 - 2016-02-23 06:37 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-10-07 13:25 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-10-04 11:05 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_435
2016-10-03 16:14 - 2015-12-05 16:14 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 15:45 - 2009-07-14 01:08 - 00032548 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-10-03 01:14 - 2015-12-11 06:35 - 00000000 ____D C:\Users\Lewis\AppData\Local\CrashDumps
2016-09-29 15:46 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_203
2016-09-28 19:26 - 2016-04-16 12:23 - 00003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1460823827
2016-09-27 13:10 - 2015-12-06 12:20 - 00000000 ____D C:\ProgramData\PCDr
2016-09-26 11:39 - 2015-12-06 17:23 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-09-23 04:02 - 2016-01-14 06:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-22 18:28 - 2012-01-05 01:33 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-09-22 18:24 - 2016-09-10 15:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-22 16:54 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-09-22 10:18 - 2016-02-23 06:37 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-09-22 10:14 - 2016-09-11 20:15 - 00002164 _____ C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2016-09-22 10:39 - 2016-09-22 10:39 - 0038418 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values.ADR
2015-12-06 17:52 - 2015-12-06 17:52 - 0178389 _____ () C:\Users\Lewis\AppData\Local\ars.cache
2015-12-06 17:52 - 2015-12-06 17:52 - 0414551 _____ () C:\Users\Lewis\AppData\Local\census.cache
2015-12-06 17:36 - 2015-12-06 17:36 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache
2016-02-13 11:14 - 2016-02-13 11:14 - 0000000 _____ () C:\Users\Lewis\AppData\Local\{9E55887D-D4CA-4FC0-8B10-EC5D6817948C}
2016-05-04 11:49 - 2016-05-04 11:49 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2016-05-26 13:00 - 2016-05-26 13:00 - 0000061 _____ () C:\ProgramData\dlea.log
2016-05-04 12:10 - 2016-10-18 15:21 - 0028060 _____ () C:\ProgramData\dleaJSW.log
2016-05-04 11:22 - 2016-05-06 03:53 - 0002788 _____ () C:\ProgramData\dleascan.log
2016-05-04 12:10 - 2016-05-04 12:10 - 0000252 _____ () C:\ProgramData\FastPics.log
2016-05-04 11:49 - 2016-05-04 11:49 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2016-05-04 11:49 - 2016-05-04 11:49 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Files to move or delete:
====================
C:\Users\Lewis\ESETSmartInstaller.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-30 01:43
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Lewis (21-10-2016 14:17:14)
Running from C:\Users\Lewis\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-12-05 20:56:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1422163307-3788927115-2030255185-500 - Administrator - Disabled)
Guest (S-1-5-21-1422163307-3788927115-2030255185-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422163307-3788927115-2030255185-1002 - Limited - Enabled)
Lewis (S-1-5-21-1422163307-3788927115-2030255185-1000 - Administrator - Enabled) => C:\Users\Lewis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
calibre 64bit (HKLM\...\{2C03B986-18B6-456E-BA48-03463D8EB355}) (Version: 2.67.0 - Kovid Goyal)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.19.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.12 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lewis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03036CCE-F40D-42B5-8F87-DB11B2DE3AAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {135DF66E-DAA9-4155-BE70-78DEB8D554FB} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {1B368EB5-C65D-4FB2-A153-F17292A3AF66} - System32\Tasks\PCDEventLauncher => c:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {1C02DE0F-5407-4AD7-BE36-C754EDCA7A94} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d6d12d92112 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {21C3DBA5-D60B-4EF8-AFAB-21EEF3744196} - System32\Tasks\SafeZone scheduled Autoupdate 1460823827 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {32836488-B1D1-46B3-9BC2-5CFA248D5EC6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1422163307-3788927115-2030255185-1000
Task: {3AEC3820-AF0B-452B-B311-31FD26714B85} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-16] (Adobe Systems Incorporated)
Task: {4D156B92-A4AA-47AE-B63D-1C8A48A61F70} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-19] (AVAST Software)
Task: {53925BB8-ABED-49A8-A715-DF1E1AC1FB62} - System32\Tasks\{B75C668A-E1CE-4106-8F79-065197621172} => C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe [2009-11-18] (Intel Corporation)
Task: {5E5BA671-881F-4714-B27D-CD82F94D8215} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {6B18F231-D0EB-4380-8A06-F08CE07E133F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-06-28] (Seagate Technology LLC)
Task: {70E33C24-6EA9-4A22-9C60-D57BF8053A41} - System32\Tasks\{5A781DC1-0E8D-4393-A0D4-48BB5E62D0AD} => C:\Users\Lewis\Downloads\Intel Components\Wireless_16.11.0_s64.exe [2016-01-14] (Intel® Corporation)
Task: {79ACAE29-F25A-4EC3-9FA9-CC086F7B2112} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {7DD2208F-65FB-414B-8D2C-09D60CD3712C} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {7EC02A7A-E8A4-440C-896E-D19F3AE8BF50} - System32\Tasks\SafeZone scheduled Autoupdate 1456223917 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {83C17835-0BEA-4E39-89F4-828C2C265243} - System32\Tasks\SystemToolsDailyTest => c:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {8EEBF22E-9D58-4E1E-BF36-CB2CD5E52D8A} - System32\Tasks\{9554D1CE-59B7-4085-A748-8E5A03870856} => pcalua.exe -a C:\Users\Lewis\Downloads\produkey_setup.exe -d C:\Users\Lewis\Downloads
Task: {91A8BC89-CEB6-4E4F-98F8-E558AE797F6E} - System32\Tasks\GoogleUpdateTaskMachineCore1d15d6d11b86a98 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\windows\system32\srtasks.exe
Task: {A1A72B05-9422-4785-8BCC-CAF1A45FEE72} - System32\Tasks\Lewis DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-06-28] (Seagate Technology LLC)
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\windows\System32\LocationNotificationWindows.exe
Task: {B0C13614-C4D0-47AA-811A-9D8F27FE6728} - System32\Tasks\Lewis Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC)
Task: {B9427172-722E-4CD8-8002-5168F49C5AD0} - System32\Tasks\Lewis => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC)
Task: {CBD376FA-0967-4387-8A92-07402ED7DD71} - System32\Tasks\{F4D0C1DC-6DE0-495A-8AF0-6FB56705DECB} => C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe [2009-11-18] (Intel Corporation)
Task: {E9736CB9-EC2A-497B-A99E-E686AF6033E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {F1B55437-1837-495A-B9EB-523463F9AFE5} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Lewis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-22] (Microsoft Corporation)
Task: {F9604597-2822-4DFD-9EA5-FC70C48BE27D} - System32\Tasks\{640A426C-8074-4387-A23F-5D65C1E27BC7} => pcalua.exe -a "C:\Program Files (x86)\AnalogX\CookieWall\cookieu.exe" -d C:\Users\Lewis\Downloads -c -InstReg
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d6d11b86a98.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d6d12d92112.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => c:\Program Files\Dell Support Center\pcdrcui.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-22 10:13 - 2016-09-22 10:13 - 01864384 _____ () C:\Users\Lewis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-05-04 11:56 - 2009-12-31 01:17 - 00053760 _____ () C:\windows\System32\DLEAPMON.DLL
2016-05-04 11:56 - 2009-01-13 08:15 - 05709824 _____ () C:\windows\System32\DLEAOEM.DLL
2016-05-04 11:48 - 2009-11-04 13:18 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2010-05-21 22:20 - 2010-05-21 22:20 - 00045224 _____ () C:\windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2016-08-19 11:15 - 2016-08-19 11:15 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-21 13:50 - 2016-10-21 13:50 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16102100\algo.dll
2016-08-19 11:15 - 2016-08-19 11:15 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-22 10:12 - 2016-09-22 10:12 - 01383616 _____ () C:\Users\Lewis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-06-30 21:37 - 2016-06-30 21:37 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-10-03 16:13 - 2016-09-24 23:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-03 16:13 - 2016-09-24 23:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
2016-05-11 12:31 - 2016-05-11 12:31 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2012-01-05 01:09 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [290]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03517694.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39846160.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41875052.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57759763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62967906.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92416252.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03517694.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39846160.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41875052.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57759763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62967906.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92416252.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-10-21 08:51 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^Lewis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: OutlookOnDesktop => C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D4BC1A75-993A-4D9E-91B9-99EA5424B7F6}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{78DECB04-A9E1-4817-98CC-E7A45B2D048E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{E3837346-ACE2-412A-B71E-33E341D0AEE2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{6D942904-B874-4483-9B62-99F895344CA2}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{CC6047CB-E8E0-48F9-80E4-B6AB6EE2FF7E}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{730CD514-2F9B-4ED5-A231-84606F2FBB19}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{12017198-FCB5-4B86-9BC5-F221FD3E2892}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{871DA126-2CF2-490D-8F5C-CEB0FD707BE0}] => (Allow) LPort=2869
FirewallRules: [{EC689281-B832-40A8-A3EB-799AA5C5E73A}] => (Allow) LPort=1900
FirewallRules: [{7BB85CE6-4B32-4989-B3A4-A4B942A12EB6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7F9FA29E-753C-466A-8103-FB4AF1EBF043}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{BF1A9F97-08E8-4E61-8D11-9170B380D7D6}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{5DD45787-4BEB-470F-96C6-7BC3D012563D}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{7D6D7684-BF37-4538-9604-9470DCE6A575}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{8CB102A9-0074-4327-9209-9356A1F157F1}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{9943221F-3A41-4772-BD70-245B1E56A7F7}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{DCCC71DC-7E97-42EE-94FA-B644F2B4D208}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{D8DFF5C3-EB7B-4E12-8B35-BF6A3E9052C0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{70A7475C-9D3F-4015-8E90-0B305D546D43}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{6C0999C3-CD6C-4B2A-A0FC-DDB5289A4383}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{C525706E-F2A7-4D4E-9DF3-D2838FDE1634}] => (Allow) C:\windows\system32\dleacoms.exe
FirewallRules: [{F488CCD5-50BC-4961-8EDE-1154C743AEEE}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{88F57B6D-2900-4177-819B-5C3B3FF0F43C}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{957C00D0-8DF5-4E97-AB4E-9D0208100C79}] => (Allow) C:\Program Files (x86)\Dell V310-V510 Series\dleafax.exe
FirewallRules: [{BB4455F1-8398-478C-A02C-24A3362E9C43}] => (Allow) C:\Program Files (x86)\Dell V310-V510 Series\dleafax.exe
FirewallRules: [{A57150E3-4591-4781-B129-A35B94A56E38}] => (Allow) LPort=8888
FirewallRules: [{23EAF365-C1B5-4DFD-8167-1C9509E2346A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{641F2B6D-A017-4BDB-A498-88F5A71FECE4}] => (Allow) LPort=8888
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/21/2016 02:15:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Lewis\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (10/21/2016 08:57:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (10/21/2016 08:57:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (10/21/2016 08:49:44 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOF while recovering .MOF file marked with autorecover.
 
Error: (10/21/2016 08:49:43 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSWOW64\WBEM\EN-US\AACLIENT.MFL while recovering .MOF file marked with autorecover.
 
Error: (10/21/2016 08:49:18 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSWOW64\WBEM\AACLIENT.MOF while recovering .MOF file marked with autorecover.
 
Error: (10/21/2016 08:49:17 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\INTEL\WIFI\BIN\IWMSPROV.MOF while recovering .MOF file marked with autorecover.
 
Error: (10/21/2016 08:49:17 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\PROGRA~1\INTEL\WIFI\BIN\IWMSPROV.MOF while recovering .MOF file marked with autorecover.
 
Error: (10/21/2016 08:49:13 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL while recovering .MOF file marked with autorecover.
 
Error: (10/21/2016 08:49:04 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF while recovering .MOF file marked with autorecover.
 
 
System errors:
=============
Error: (10/21/2016 02:02:30 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (10/21/2016 01:55:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/21/2016 01:55:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/21/2016 01:55:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/21/2016 01:55:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/21/2016 01:55:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/21/2016 01:55:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/21/2016 01:55:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/21/2016 01:55:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/21/2016 01:55:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-01 05:09:53.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-01 05:08:36.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-01 05:08:36.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-01 05:08:23.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-31 12:02:30.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-31 12:02:30.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-31 12:02:00.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-31 04:18:14.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-31 04:17:25.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-31 04:17:25.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 6051.18 MB
Available physical RAM: 3396.08 MB
Total Virtual: 12100.54 MB
Available Virtual: 9179.56 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:392.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDFF1CAD)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:21 AM

Posted 21 October 2016 - 02:41 PM

Thank you Lewis.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
BootExecute: 
GroupPolicy: Restriction - Chrome <======= ATTENTION
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-25]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [X]
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
2016-02-13 11:14 - 2016-02-13 11:14 - 0000000 _____ () C:\Users\Lewis\AppData\Local\{9E55887D-D4CA-4FC0-8B10-EC5D6817948C}
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [290]
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type in chrome --disable-extensions and press Enter
  • Check the browser behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Chrome?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Purrington666


Posted 21 October 2016 - 04:12 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Lewis (21-10-2016 17:02:47) Run:1
Running from C:\Users\Lewis\Downloads
Loaded Profiles: Lewis (Available Profiles: Lewis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
BootExecute: 
GroupPolicy: Restriction - Chrome <======= ATTENTION
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-25]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [X]
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
2016-02-13 11:14 - 2016-02-13 11:14 - 0000000 _____ () C:\Users\Lewis\AppData\Local\{9E55887D-D4CA-4FC0-8B10-EC5D6817948C}
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [290]
emptytemp:
*****************
 
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
 
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move:
 
Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.
 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
HitmanProScheduler => service removed successfully
AppMgmt => service removed successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => service removed successfully
C:\Users\Lewis\AppData\Local\{9E55887D-D4CA-4FC0-8B10-EC5D6817948C} => moved successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6356266 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 173874296 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 37100 B
Lewis => 44311390 B
 
RecycleBin => 295210817 B
EmptyTemp: => 511.7 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-10-2016 17:05:47)
 
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move
 
==== End of Fixlog 17:05:47 ====
 
Regarding Chrome:
 
A "New Tab" opened up
 
Notices in separate tabs popped up telling me I had added two extensions: Web of Trust and Shareaholic for Google which I had previously added some time ago.


#8 Oh My!


Posted 21 October 2016 - 07:08 PM

Do you notice any difference in your computer performance when you launch Chrome like we did? Let me know how Chrome performs overall.
Gary
 

#9 Purrington666


Posted 22 October 2016 - 04:04 AM

1. It appears that all browsing data was deleted; I had to log in to any sites I previously had been logged into.

2. Two of my “extensions” had to be reinstalled.

3. I lost all “Shareaholic” options and had to reinstall them.

4. A message from my Avast Anti-Malware popped up telling me the “Firewall” had been changed.

 

So far these are the only changes I have noticed thus far.



#10 Purrington666


Posted 22 October 2016 - 04:12 AM

Today it appears that photos do not appear on websites I visit.

 

For example attached find a screen print of how images or the lack thereof appear when I go to Wikipedia.


#11 Purrington666


Posted 22 October 2016 - 07:11 AM

I just noticed that now "Chrome" appears to be running in the background which heretofore was not the case.

 

See attached image.


#12 Oh My!


Posted 22 October 2016 - 03:25 PM

Did you launch Chrome normally when you experienced the above, or is it this way when we launch it the special way?
Gary
 

#13 Purrington666


Posted 24 October 2016 - 01:57 PM

I launched Chrome in the normal fashion and not in "the special way."

 

Thank you



#14 Oh My!


Posted 24 October 2016 - 03:04 PM

Thanks,

What I would like to know is how Chrome performs when we launch it the special way. If it seems normal it may be that an add-on(s) is causing the problem. Please test things one more time and let me know what happens the special way and the normal way.
Gary
 

#15 Purrington666


Posted 24 October 2016 - 03:22 PM

I will do as you have suggested.

 

Once I launch Chrome in the "special way" I am not certain what of a specific nature I am to do to "test things."

 

If by "Add-ons" you mean "Extensions" I am only using 6 Chrome Extensions and have been using them for at least 3 years long before the recent issue of "missing digital signatures" reared their ugly heads.

 

Thank you.





