Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser overtaken with ads caused by FileFinder by Webitar Productions


  • This topic is locked This topic is locked
7 replies to this topic

#1 Ben00

Ben00

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 18 November 2016 - 12:59 PM

Hi! Thanks in advance for helping me out!
 
My problem is with my web browser. I have IE and Chrome. Chrome is my default. Approximately a couple months ago, I downloaded a program called FileFinder by Webitar Productions. I had searched google for fun to see if I could get a free serial number for a program called progecad. Dumb idea!! First it didn't work, second it took over my web browsers with ads. Every first two to three clicks on any freshly loaded webpage opens a new tab with an ad. It had also reset my google home page to theplaybar.net and added an new search bar which redirects me to bing. I reset chrome and got google back as my homepage on Chrome. The search bar is visibly gone but my google searches still occasionally get redirected with the playbar to bing when I hit enter to search. As of right now when I open IE, it goes straight to an ad page. I haven't even tried to recover it. I had gone to the control panel and tried to uninstall FileFinder but when I clicked uninstall, it didn't do anything. If I tried to uninstall something else, it would tell me to wait until the previous program was finished uninstalling. I would have to reboot my computer to try to uninstall FileFinder again. Also on a side note, I had a program called jzip which is a free program similar to winzip. It quit working after downloading FileFinder. I tried to use a restore point but I kept getting an error. (I should of wrote the error down but didn't). After that, I went through the C drive trying to find all the FileFinder folders and shredded them using avg shred. Then I kept trying to uninstall it on the control panel. Eventually, I went to uninstall it and it told me the program no longer existed and asked if I wanted it removed from the list. I said yes and now it no longer shows up. I still have all the ads when browsing online though.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by ben (administrator) on WRKSTN07 (18-11-2016 12:08:52)
Running from C:\Users\ben\Downloads
Loaded Profiles: User133 & ben & Administrator (Available Profiles: User133 & ben & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Autodesk Inc.) C:\Windows\temp\AdAppMgrUpdater.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(LogicNow Ltd) C:\Program Files\Managed Antivirus\Managed Antivirus Master Service\ManagedAntivirus.exe
(LogicNow Ltd) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\EndpointService.exe
(Bitdefender) C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\UpdateService.exe
(Bitdefender) C:\Program Files\Common Files\Managed Antivirus\Endpoint Agent\epag.exe
(Bitdefender) C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\EndpointIntegration.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Bitdefender) C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\Console.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\ben\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Dropbox, Inc.) C:\Users\ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\ben\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Program Files (x86)\Advanced Monitoring Agent\FmPlugin\fmplugin.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1694016 2011-09-07] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [1707080 2016-08-21] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKU\S-1-5-21-1042972356-1267489535-1365041994-1000\...\MountPoints2: {2c7768c6-3538-11e2-ab9d-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Run: [Akamai NetSession Interface] => C:\Users\ben\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Run: [Dropbox Update] => C:\Users\ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Policies\Explorer: [] 
HKU\S-1-5-21-56489839-2000681604-3146556970-500\...\Policies\system: [SetVisualStyle] 
HKU\S-1-5-21-56489839-2000681604-3146556970-500\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-56489839-2000681604-3146556970-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-56489839-2000681604-3146556970-500\...\MountPoints2: {2c7768c6-3538-11e2-ab9d-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-09-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
Startup: C:\Users\ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-11-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-02]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.30 64.71.255.198 8.8.8.8
Tcpip\..\Interfaces\{1D8616E8-EC0B-447A-BD03-37094B2F8535}: [DhcpNameServer] 192.168.0.30 64.71.255.198 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1042972356-1267489535-1365041994-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-1042972356-1267489535-1365041994-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-1042972356-1267489535-1365041994-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-1042972356-1267489535-1365041994-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-56489839-2000681604-3146556970-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-56489839-2000681604-3146556970-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-56489839-2000681604-3146556970-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-56489839-2000681604-3146556970-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1042972356-1267489535-1365041994-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA525
SearchScopes: HKU\S-1-5-21-1042972356-1267489535-1365041994-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA525
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-500 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-21] (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-21] (AVG Secure Search)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1042972356-1267489535-1365041994-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-08-21] (AVG Secure Search)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-05-20] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-56489839-2000681604-3146556970-1146: saba.com/SabaMeetingPlugin -> C:\Users\ben\AppData\Roaming\Centra\App\bin\npSabaMeetingPlugin3.dll [2015-12-29] (Saba)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
CHR Extension: (Rapport) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-10-25]
CHR Extension: (YouTube) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (FlashUpdate) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmakdiokhogkgcgioabamffndgmfglap [2016-09-22]
CHR Extension: (Saba Meeting Chrome Connector) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjedkhmeelbomjafdlehdcomjhobcnbk [2015-12-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8790016 2016-07-14] (Remote Monitoring) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 EndpointIntegration; C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\EndpointIntegration.exe [398480 2015-11-26] (Bitdefender)
R2 EndpointService; C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\EndpointService.exe [398480 2015-11-26] (Bitdefender)
R2 epag; C:\Program Files\Common Files\Managed Antivirus\Endpoint Agent\epag.exe [3749304 2016-02-11] (Bitdefender)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [17768 2012-03-22] (Lenovo)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 ManagedAntivirus; C:\Program Files\Managed Antivirus\Managed Antivirus Master Service\ManagedAntivirus.exe [358040 2016-07-14] (LogicNow Ltd)
R2 NetworkManagement; C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe [281240 2016-09-07] (LogicNow Ltd)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 UpdateService; C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\UpdateService.exe [398480 2015-11-26] (Bitdefender)
R2 vToolbarUpdater19.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-08-21] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-07-08] (GFI Software)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [161592 2015-07-21] (BitDefender LLC)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-10-25] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-10-06] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235184 2016-10-06] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489712 2016-10-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [547888 2016-10-06] (IBM Corp.)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-18 12:08 - 2016-11-18 12:09 - 00036816 _____ C:\Users\ben\Downloads\FRST.txt
2016-11-18 12:08 - 2016-11-18 12:08 - 02412032 _____ (Farbar) C:\Users\ben\Downloads\FRST64.exe
2016-11-18 12:08 - 2016-11-18 12:08 - 00000000 ____D C:\FRST
2016-11-18 10:58 - 2016-11-18 10:58 - 00040949 _____ C:\ComboFix.txt
2016-11-18 10:48 - 2016-11-18 10:48 - 00239765 _____ C:\ProgramData\1479480336.bdinstall.bin
2016-11-18 10:45 - 2015-07-21 19:27 - 00161592 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-11-18 10:45 - 2015-06-02 16:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-11-18 10:10 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-18 10:10 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-18 10:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-18 10:08 - 2016-11-18 10:08 - 00000000 ____D C:\Users\ben\AppData\Roaming\QuickScan
2016-11-18 10:03 - 2016-11-18 10:58 - 00000000 ____D C:\Qoobox
2016-11-18 10:02 - 2016-11-18 10:52 - 00000000 ____D C:\Windows\erdnt
2016-11-17 13:31 - 2016-11-17 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-11-17 13:31 - 2016-11-17 13:31 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-11-15 16:30 - 2016-11-15 16:30 - 00854205 _____ C:\Users\ben\Downloads\Autodesk_AutoCAD_2015_Geolocation_OnlineMap_Hotfix.zip
2016-11-10 14:05 - 2016-11-10 14:05 - 00000000 ____D C:\Users\ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-10 08:31 - 2016-11-18 10:02 - 05659276 ____R (Swearware) C:\Users\ben\Downloads\ComboFix.exe
2016-11-09 01:36 - 2016-11-02 11:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 01:36 - 2016-10-27 14:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 01:36 - 2016-10-27 14:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 01:36 - 2016-10-27 14:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 01:36 - 2016-10-27 13:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 01:36 - 2016-10-27 13:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 01:36 - 2016-10-27 13:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 01:36 - 2016-10-27 13:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 01:36 - 2016-10-27 11:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-09 01:36 - 2016-10-25 11:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 01:36 - 2016-10-22 13:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-09 01:36 - 2016-10-22 12:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-09 01:36 - 2016-10-22 12:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-09 01:36 - 2016-10-22 12:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-09 01:36 - 2016-10-22 12:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-09 01:36 - 2016-10-22 12:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-09 01:36 - 2016-10-22 12:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-09 01:36 - 2016-10-11 11:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 01:36 - 2016-10-11 09:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-09 01:36 - 2016-10-11 09:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 01:36 - 2016-10-10 11:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 01:36 - 2016-10-10 11:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 01:36 - 2016-10-10 11:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-09 01:36 - 2016-10-07 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-09 01:36 - 2016-10-07 11:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 01:36 - 2016-10-07 11:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-09 01:36 - 2016-10-07 11:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 01:36 - 2016-10-07 11:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 01:36 - 2016-10-07 11:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-09 01:36 - 2016-10-07 11:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-09 01:36 - 2016-09-09 14:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 01:35 - 2016-11-02 11:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 01:35 - 2016-11-02 11:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 01:35 - 2016-11-02 11:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 01:35 - 2016-11-02 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 01:35 - 2016-11-02 11:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-09 01:35 - 2016-11-02 11:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-09 01:35 - 2016-11-02 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-09 01:35 - 2016-11-02 11:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-09 01:35 - 2016-11-02 10:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-09 01:35 - 2016-10-27 23:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 01:35 - 2016-10-27 23:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-09 01:35 - 2016-10-27 15:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 01:35 - 2016-10-27 15:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 01:35 - 2016-10-27 14:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 01:35 - 2016-10-27 14:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 01:35 - 2016-10-27 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 01:35 - 2016-10-27 14:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 01:35 - 2016-10-27 14:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 01:35 - 2016-10-27 14:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 01:35 - 2016-10-27 14:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 01:35 - 2016-10-27 14:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 01:35 - 2016-10-27 14:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 01:35 - 2016-10-27 14:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 01:35 - 2016-10-27 14:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 01:35 - 2016-10-27 14:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 01:35 - 2016-10-27 14:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 01:35 - 2016-10-27 14:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 01:35 - 2016-10-27 14:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 01:35 - 2016-10-27 14:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 01:35 - 2016-10-27 14:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 01:35 - 2016-10-27 14:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 01:35 - 2016-10-27 14:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 01:35 - 2016-10-27 14:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 01:35 - 2016-10-27 13:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 01:35 - 2016-10-27 13:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 01:35 - 2016-10-27 13:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 01:35 - 2016-10-27 13:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 01:35 - 2016-10-27 12:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 01:35 - 2016-10-22 13:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-09 01:35 - 2016-10-22 13:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-09 01:35 - 2016-10-22 13:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-09 01:35 - 2016-10-22 13:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-09 01:35 - 2016-10-22 13:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-09 01:35 - 2016-10-22 13:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-09 01:35 - 2016-10-22 13:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-09 01:35 - 2016-10-22 13:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-09 01:35 - 2016-10-22 13:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-09 01:35 - 2016-10-22 13:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-09 01:35 - 2016-10-22 13:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-09 01:35 - 2016-10-22 13:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-09 01:35 - 2016-10-22 13:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-09 01:35 - 2016-10-22 13:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-09 01:35 - 2016-10-22 13:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-09 01:35 - 2016-10-22 12:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-09 01:35 - 2016-10-22 12:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-09 01:35 - 2016-10-22 12:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-09 01:35 - 2016-10-22 12:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-09 01:35 - 2016-10-22 12:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-09 01:35 - 2016-10-22 12:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-09 01:35 - 2016-10-22 12:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-09 01:35 - 2016-10-15 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 01:35 - 2016-10-15 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 01:35 - 2016-10-15 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-09 01:35 - 2016-10-15 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-09 01:35 - 2016-10-11 11:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 01:35 - 2016-10-11 11:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 01:35 - 2016-10-11 11:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 01:35 - 2016-10-11 11:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 01:35 - 2016-10-11 11:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-09 01:35 - 2016-10-11 11:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-09 01:35 - 2016-10-11 11:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-09 01:35 - 2016-10-11 11:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-09 01:35 - 2016-10-11 11:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-09 01:35 - 2016-10-10 11:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 01:35 - 2016-10-10 11:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 01:35 - 2016-10-10 11:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 01:35 - 2016-10-10 11:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 01:35 - 2016-10-10 11:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 01:35 - 2016-10-10 11:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-09 01:35 - 2016-10-10 11:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 01:35 - 2016-10-10 10:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 01:35 - 2016-10-10 10:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 01:35 - 2016-10-10 10:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 01:35 - 2016-10-10 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 01:35 - 2016-10-10 10:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-09 01:35 - 2016-10-10 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-09 01:35 - 2016-10-07 11:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-09 01:35 - 2016-10-07 11:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 01:35 - 2016-10-07 11:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 01:35 - 2016-10-07 11:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 01:35 - 2016-10-07 11:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-09 01:35 - 2016-10-07 11:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 01:35 - 2016-10-07 10:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 01:35 - 2016-10-07 10:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-09 01:35 - 2016-10-07 10:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-09 01:35 - 2016-10-07 10:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-09 01:35 - 2016-10-07 10:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-09 01:35 - 2016-10-07 10:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 10:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 10:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 10:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 01:35 - 2016-10-05 10:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 01:35 - 2016-09-15 10:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 01:35 - 2016-09-13 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 01:35 - 2016-09-13 11:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-09 01:35 - 2016-09-09 14:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-09 01:35 - 2016-08-22 12:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-10-31 09:25 - 2016-10-31 09:25 - 00000000 ____D C:\Windows\Offline Address Books
2016-10-26 13:16 - 2016-10-26 13:16 - 01054716 _____ C:\Users\ben\Downloads\intVeld.pdf
2016-10-25 15:55 - 2016-10-25 15:55 - 00116222 _____ C:\Users\ben\Downloads\eStatement_2016-10-23.pdf
2016-10-25 15:47 - 2016-10-06 16:49 - 00489712 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-10-25 15:47 - 2016-10-06 16:49 - 00235184 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-10-25 15:46 - 2016-10-25 15:46 - 00000000 ____D C:\Users\ben\AppData\Local\Trusteer
2016-10-25 15:46 - 2016-10-25 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-10-25 15:46 - 2016-10-25 15:46 - 00000000 ____D C:\Program Files (x86)\Trusteer
2016-10-25 15:45 - 2016-10-25 15:45 - 00000000 ____D C:\ProgramData\Trusteer
2016-10-25 15:44 - 2016-10-25 15:44 - 00483312 _____ (IBM Corp.) C:\Users\ben\Downloads\RapportSetup.exe
2016-10-20 10:02 - 2016-10-20 10:02 - 00201766 _____ C:\Users\ben\Downloads\Flame Spread Ratings.pdf.crdownload
2016-10-20 10:02 - 2016-10-20 10:02 - 00201766 _____ C:\Users\ben\Downloads\Flame Spread Ratings.pdf (1).crdownload
2016-10-19 12:36 - 2016-10-19 12:37 - 00591032 _____ C:\Windows\Minidump\101916-55146-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-18 12:10 - 2013-02-27 14:07 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2016-11-18 11:52 - 2013-06-04 10:39 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2016-11-18 11:51 - 2013-04-12 07:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-18 11:32 - 2015-06-24 09:10 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-56489839-2000681604-3146556970-1146UA.job
2016-11-18 11:12 - 2013-03-06 08:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-18 10:53 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-18 10:53 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 10:50 - 2015-05-19 08:55 - 00000000 ___RD C:\Users\ben\Dropbox
2016-11-18 10:50 - 2013-02-28 10:26 - 00000000 ____D C:\Users\ben\AppData\Local\LogMeIn Hamachi
2016-11-18 10:50 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-11-18 10:49 - 2016-07-14 08:13 - 00000000 ____D C:\ProgramData\ManagedAntivirus
2016-11-18 10:49 - 2013-04-12 07:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-18 10:47 - 2009-07-14 01:13 - 00786538 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-18 10:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-11-18 10:45 - 2016-08-02 09:23 - 00000000 ____D C:\Program Files\Common Files\Managed Antivirus
2016-11-18 10:39 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-18 10:38 - 2016-07-24 23:17 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-11-18 10:38 - 2016-07-24 23:17 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-11-18 10:38 - 2009-07-13 22:34 - 26738688 _____ C:\Windows\system32\config\SYSTEM.bak
2016-11-18 10:38 - 2009-07-13 22:34 - 169345024 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-11-18 10:38 - 2009-07-13 22:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2016-11-18 10:38 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-11-18 10:11 - 2013-02-27 14:16 - 00000000 ____D C:\Outlook
2016-11-18 08:12 - 2013-05-06 15:57 - 00000000 ____D C:\ProgramData\MFAData
2016-11-18 03:00 - 2013-02-27 14:28 - 00002148 _____ C:\Windows\epplauncher.mif
2016-11-17 23:32 - 2015-06-24 09:10 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-56489839-2000681604-3146556970-1146Core.job
2016-11-17 16:51 - 2016-09-20 22:11 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-11-17 13:50 - 2013-03-15 12:48 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2016-11-17 13:31 - 2015-07-14 12:16 - 00000937 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-11-17 09:51 - 2014-12-12 12:43 - 00026660 _____ C:\Windows\BRRBCOM.INI
2016-11-16 01:15 - 2013-02-27 15:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-14 17:14 - 2013-03-04 08:54 - 00000000 ____D C:\Users\ben\AppData\Roaming\FileZilla
2016-11-14 16:53 - 2013-04-12 07:02 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 19:12 - 2013-03-06 08:45 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-11 19:12 - 2013-03-06 08:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-11 19:12 - 2013-03-06 08:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-11 19:12 - 2013-03-06 08:44 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-11 19:12 - 2012-11-23 02:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-11 13:47 - 2013-05-24 06:59 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-11-10 21:44 - 2015-07-14 15:21 - 00000000 ____D C:\ProgramData\AdvancedMonitoringAgentNetworkManagement
2016-11-10 14:05 - 2015-05-19 08:51 - 00000000 ____D C:\Users\ben\AppData\Roaming\Dropbox
2016-11-10 08:06 - 2016-10-05 07:02 - 05295225 ____H C:\Users\ben\AppData\Local\IconCache.db.backup
2016-11-09 23:27 - 2015-06-24 09:10 - 00003880 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-56489839-2000681604-3146556970-1146UA
2016-11-09 23:27 - 2015-06-24 09:10 - 00003484 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-56489839-2000681604-3146556970-1146Core
2016-11-09 15:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 07:57 - 2009-07-14 00:45 - 00453144 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 03:09 - 2013-08-14 16:21 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 03:03 - 2013-02-26 10:27 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-07 18:14 - 2014-12-23 17:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-31 17:04 - 2015-03-24 07:11 - 00000000 ____D C:\Users\ben\AppData\Local\CrashDumps
2016-10-28 11:21 - 2013-02-27 14:23 - 00000000 ____D C:\Users\ben\AppData\Local\Google
2016-10-25 07:12 - 2013-10-22 07:12 - 00000000 ____D C:\ProgramData\Oracle
2016-10-25 07:11 - 2014-07-21 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-25 07:11 - 2013-06-27 07:12 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-25 07:09 - 2014-07-21 07:12 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-20 16:11 - 2016-10-11 07:17 - 06647224 _____ (Tim Kosse) C:\Users\ben\Downloads\FileZilla_3.22.1_win64-setup.exe
2016-10-19 12:39 - 2013-02-27 14:09 - 00000000 ____D C:\Users\administrator
2016-10-19 12:39 - 2013-02-22 14:13 - 00000000 ____D C:\Users\User133
2016-10-19 12:36 - 2013-03-09 20:04 - 811390130 _____ C:\Windows\MEMORY.DMP
2016-10-19 12:36 - 2013-03-09 20:04 - 00000000 ____D C:\Windows\Minidump
2016-10-19 05:52 - 2014-03-31 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
==================== Files in the root of some directories =======
 
2016-11-18 10:48 - 2016-11-18 10:48 - 0239765 _____ () C:\ProgramData\1479480336.bdinstall.bin
2013-02-27 14:56 - 2013-02-27 14:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-14 00:13
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,175 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:50 AM

Posted 19 November 2016 - 10:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

p.s.

Please run the Farbar tool one more time and post fresh FRST and Addition.txt files for my review.

#3 Ben00

Ben00
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 21 November 2016 - 09:12 AM

Okay I downloaded and ran the zoek file as admin with the script provided. After running this, I tried both the chrome and IE browser. All the pop-up ads seem to be gone. Everything seems to be back to normal as far as I can tell.

 

I did not get a log file though. Notepad opened at the end and gave an error stating "The system cannot find the path specified."

 

Also, during the zoek process, I had an error stating "An error has occurred in the script on this page. Line 68 Char: 6 Error: Path not found Code: 0 URL: file:///C:/Users/ben/AppData/Local/Temp/zoekrun.hta" It then asked if I wanted to continue running scripts on this page to which I said yes.

 

Here is a copy of a fresh FRST. See attached for fresh Addition.txt file. Thanks very much for your help! Really appreciated!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by ben (administrator) on WRKSTN07 (21-11-2016 09:44:41)
Running from C:\Users\ben\Downloads
Loaded Profiles: ben (Available Profiles: User133 & ben & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Windows\temp\AdAppMgrUpdater.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\ben\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\ben\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Dropbox, Inc.) C:\Users\ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(LogicNow Ltd) C:\Program Files\Managed Antivirus\Managed Antivirus Master Service\ManagedAntivirus.exe
(LogicNow Ltd) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Advanced Monitoring Agent\FmPlugin\fmplugin.exe
(Bitdefender) C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\EndpointService.exe
(Bitdefender) C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\UpdateService.exe
(Bitdefender) C:\Program Files\Common Files\Managed Antivirus\Endpoint Agent\epag.exe
(Bitdefender) C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\EndpointIntegration.exe
(Bitdefender) C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\Console.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2015\acad.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2015\AcSettingSync.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
(Autodesk) C:\Program Files\Autodesk\AutoCAD 2015\AcWebBrowser\AcWebBrowser.exe
(Autodesk) C:\Program Files\Autodesk\AutoCAD 2015\AcWebBrowser\AcWebBrowser.exe
(Autodesk) C:\Program Files\Autodesk\AutoCAD 2015\AcWebBrowser\AcWebBrowser.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1694016 2011-09-07] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Run: [Akamai NetSession Interface] => C:\Users\ben\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Run: [Dropbox Update] => C:\Users\ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-09-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ben\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
Startup: C:\Users\ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-11-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-02]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{1D8616E8-EC0B-447A-BD03-37094B2F8535}: [DhcpNameServer] 192.168.0.30 64.71.255.198 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7LENP_enCA525
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7LENP_enCA525
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-05-20] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-56489839-2000681604-3146556970-1146: saba.com/SabaMeetingPlugin -> C:\Users\ben\AppData\Roaming\Centra\App\bin\npSabaMeetingPlugin3.dll [2015-12-29] (Saba)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default [2016-11-21]
CHR Extension: (Google Slides) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-21]
CHR Extension: (Google Docs) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-21]
CHR Extension: (Google Drive) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-21]
CHR Extension: (Rapport) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-11-21]
CHR Extension: (YouTube) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-21]
CHR Extension: (Google Sheets) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-21]
CHR Extension: (Google Docs Offline) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-21]
CHR Extension: (Gmail) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-21]
CHR HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8790016 2016-07-14] (Remote Monitoring) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 EndpointIntegration; C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\EndpointIntegration.exe [398480 2015-11-26] (Bitdefender)
R2 EndpointService; C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\EndpointService.exe [398480 2015-11-26] (Bitdefender)
R2 epag; C:\Program Files\Common Files\Managed Antivirus\Endpoint Agent\epag.exe [3749304 2016-02-11] (Bitdefender)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [17768 2012-03-22] (Lenovo)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 ManagedAntivirus; C:\Program Files\Managed Antivirus\Managed Antivirus Master Service\ManagedAntivirus.exe [358040 2016-07-14] (LogicNow Ltd)
R2 NetworkManagement; C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe [281240 2016-09-07] (LogicNow Ltd)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 UpdateService; C:\Program Files\Managed Antivirus\Managed Antivirus Engine\Managed Antivirus\Managed Antivirus\UpdateService.exe [398480 2015-11-26] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-07-08] (GFI Software)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [161592 2015-07-21] (BitDefender LLC)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-10-25] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-10-06] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235184 2016-10-06] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489712 2016-10-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [547888 2016-10-06] (IBM Corp.)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-21 09:32 - 2016-11-21 09:39 - 00000000 ____D C:\zoek
2016-11-21 08:06 - 2016-11-21 08:06 - 00245424 _____ C:\ProgramData\1479729633.bdinstall.bin
2016-11-21 08:01 - 2015-07-21 19:27 - 00161592 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-11-21 08:00 - 2015-06-02 16:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-11-21 07:53 - 2016-11-21 07:53 - 00113139 _____ C:\ProgramData\1479729089.bdinstall.bin
2016-11-21 07:46 - 2016-11-21 08:51 - 00000000 ____D C:\zoek_backup
2016-11-21 07:46 - 2016-11-21 07:46 - 01309184 _____ C:\Users\ben\Downloads\zoek.exe
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\Users\ben\AppData\Local\VirtualStore
2016-11-18 12:10 - 2016-11-18 12:10 - 00073054 _____ C:\Users\ben\Downloads\Addition.txt
2016-11-18 12:08 - 2016-11-21 09:45 - 00031164 _____ C:\Users\ben\Downloads\FRST.txt
2016-11-18 12:08 - 2016-11-21 09:44 - 00000000 ____D C:\FRST
2016-11-18 12:08 - 2016-11-18 12:08 - 02412032 _____ (Farbar) C:\Users\ben\Downloads\FRST64.exe
2016-11-18 10:58 - 2016-11-18 10:58 - 00040949 _____ C:\ComboFix.txt
2016-11-18 10:48 - 2016-11-18 10:48 - 00239765 _____ C:\ProgramData\1479480336.bdinstall.bin
2016-11-18 10:10 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-18 10:10 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-18 10:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-18 10:10 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-18 10:03 - 2016-11-18 10:58 - 00000000 ____D C:\Qoobox
2016-11-18 10:02 - 2016-11-18 10:52 - 00000000 ____D C:\Windows\erdnt
2016-11-17 13:31 - 2016-11-17 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-11-17 13:31 - 2016-11-17 13:31 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-11-15 16:30 - 2016-11-15 16:30 - 00854205 _____ C:\Users\ben\Downloads\Autodesk_AutoCAD_2015_Geolocation_OnlineMap_Hotfix.zip
2016-11-10 14:05 - 2016-11-10 14:05 - 00000000 ____D C:\Users\ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-10 08:31 - 2016-11-18 10:02 - 05659276 ____R (Swearware) C:\Users\ben\Downloads\ComboFix.exe
2016-11-09 01:36 - 2016-11-02 11:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 01:36 - 2016-10-27 14:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 01:36 - 2016-10-27 14:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 01:36 - 2016-10-27 14:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 01:36 - 2016-10-27 13:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 01:36 - 2016-10-27 13:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 01:36 - 2016-10-27 13:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 01:36 - 2016-10-27 13:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 01:36 - 2016-10-27 11:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-09 01:36 - 2016-10-25 11:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 01:36 - 2016-10-22 13:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-09 01:36 - 2016-10-22 12:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-09 01:36 - 2016-10-22 12:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-09 01:36 - 2016-10-22 12:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-09 01:36 - 2016-10-22 12:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-09 01:36 - 2016-10-22 12:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-09 01:36 - 2016-10-22 12:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-09 01:36 - 2016-10-11 11:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 01:36 - 2016-10-11 09:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-09 01:36 - 2016-10-11 09:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 01:36 - 2016-10-10 11:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 01:36 - 2016-10-10 11:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 01:36 - 2016-10-10 11:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-09 01:36 - 2016-10-07 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-09 01:36 - 2016-10-07 11:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 01:36 - 2016-10-07 11:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-09 01:36 - 2016-10-07 11:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 01:36 - 2016-10-07 11:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 01:36 - 2016-10-07 11:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-09 01:36 - 2016-10-07 11:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-09 01:36 - 2016-09-09 14:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 01:35 - 2016-11-02 11:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 01:35 - 2016-11-02 11:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 01:35 - 2016-11-02 11:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 01:35 - 2016-11-02 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 01:35 - 2016-11-02 11:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-09 01:35 - 2016-11-02 11:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-09 01:35 - 2016-11-02 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-09 01:35 - 2016-11-02 11:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-09 01:35 - 2016-11-02 10:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-09 01:35 - 2016-10-27 23:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 01:35 - 2016-10-27 23:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-09 01:35 - 2016-10-27 15:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 01:35 - 2016-10-27 15:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 01:35 - 2016-10-27 14:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 01:35 - 2016-10-27 14:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 01:35 - 2016-10-27 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 01:35 - 2016-10-27 14:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 01:35 - 2016-10-27 14:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 01:35 - 2016-10-27 14:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 01:35 - 2016-10-27 14:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 01:35 - 2016-10-27 14:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 01:35 - 2016-10-27 14:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 01:35 - 2016-10-27 14:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 01:35 - 2016-10-27 14:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 01:35 - 2016-10-27 14:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 01:35 - 2016-10-27 14:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 01:35 - 2016-10-27 14:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 01:35 - 2016-10-27 14:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 01:35 - 2016-10-27 14:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 01:35 - 2016-10-27 14:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 01:35 - 2016-10-27 14:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 01:35 - 2016-10-27 14:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 01:35 - 2016-10-27 14:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 01:35 - 2016-10-27 13:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 01:35 - 2016-10-27 13:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 01:35 - 2016-10-27 13:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 01:35 - 2016-10-27 13:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 01:35 - 2016-10-27 12:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 01:35 - 2016-10-22 13:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-09 01:35 - 2016-10-22 13:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-09 01:35 - 2016-10-22 13:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-09 01:35 - 2016-10-22 13:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-09 01:35 - 2016-10-22 13:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-09 01:35 - 2016-10-22 13:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-09 01:35 - 2016-10-22 13:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-09 01:35 - 2016-10-22 13:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-09 01:35 - 2016-10-22 13:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-09 01:35 - 2016-10-22 13:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-09 01:35 - 2016-10-22 13:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-09 01:35 - 2016-10-22 13:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-09 01:35 - 2016-10-22 13:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-09 01:35 - 2016-10-22 13:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-09 01:35 - 2016-10-22 13:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-09 01:35 - 2016-10-22 12:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-09 01:35 - 2016-10-22 12:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-09 01:35 - 2016-10-22 12:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-09 01:35 - 2016-10-22 12:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-09 01:35 - 2016-10-22 12:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-09 01:35 - 2016-10-22 12:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-09 01:35 - 2016-10-22 12:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-09 01:35 - 2016-10-15 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 01:35 - 2016-10-15 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 01:35 - 2016-10-15 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-09 01:35 - 2016-10-15 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-09 01:35 - 2016-10-11 11:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 01:35 - 2016-10-11 11:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 01:35 - 2016-10-11 11:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 01:35 - 2016-10-11 11:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 01:35 - 2016-10-11 11:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 01:35 - 2016-10-11 11:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-09 01:35 - 2016-10-11 11:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-09 01:35 - 2016-10-11 11:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-09 01:35 - 2016-10-11 11:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-09 01:35 - 2016-10-11 11:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-09 01:35 - 2016-10-11 11:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-09 01:35 - 2016-10-10 11:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 01:35 - 2016-10-10 11:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 01:35 - 2016-10-10 11:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 01:35 - 2016-10-10 11:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 01:35 - 2016-10-10 11:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 01:35 - 2016-10-10 11:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 01:35 - 2016-10-10 11:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-09 01:35 - 2016-10-10 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-09 01:35 - 2016-10-10 11:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 01:35 - 2016-10-10 10:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 01:35 - 2016-10-10 10:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 01:35 - 2016-10-10 10:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 01:35 - 2016-10-10 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 01:35 - 2016-10-10 10:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-09 01:35 - 2016-10-10 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-09 01:35 - 2016-10-07 11:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-09 01:35 - 2016-10-07 11:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 11:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 01:35 - 2016-10-07 11:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 01:35 - 2016-10-07 11:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 01:35 - 2016-10-07 11:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-09 01:35 - 2016-10-07 11:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 01:35 - 2016-10-07 10:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 01:35 - 2016-10-07 10:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-09 01:35 - 2016-10-07 10:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-09 01:35 - 2016-10-07 10:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-09 01:35 - 2016-10-07 10:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-09 01:35 - 2016-10-07 10:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 10:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 10:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 01:35 - 2016-10-07 10:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 01:35 - 2016-10-05 10:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 01:35 - 2016-09-15 10:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 01:35 - 2016-09-13 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 01:35 - 2016-09-13 11:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-09 01:35 - 2016-09-09 14:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-09 01:35 - 2016-08-22 12:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-10-31 09:25 - 2016-10-31 09:25 - 00000000 ____D C:\Windows\Offline Address Books
2016-10-26 13:16 - 2016-10-26 13:16 - 01054716 _____ C:\Users\ben\Downloads\intVeld.pdf
2016-10-25 15:55 - 2016-10-25 15:55 - 00116222 _____ C:\Users\ben\Downloads\eStatement_2016-10-23.pdf
2016-10-25 15:47 - 2016-10-06 16:49 - 00489712 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-10-25 15:47 - 2016-10-06 16:49 - 00235184 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-10-25 15:46 - 2016-10-25 15:46 - 00000000 ____D C:\Users\ben\AppData\Local\Trusteer
2016-10-25 15:46 - 2016-10-25 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-10-25 15:46 - 2016-10-25 15:46 - 00000000 ____D C:\Program Files (x86)\Trusteer
2016-10-25 15:45 - 2016-10-25 15:45 - 00000000 ____D C:\ProgramData\Trusteer
2016-10-25 15:44 - 2016-10-25 15:44 - 00483312 _____ (IBM Corp.) C:\Users\ben\Downloads\RapportSetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-21 09:32 - 2015-06-24 09:10 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-56489839-2000681604-3146556970-1146UA.job
2016-11-21 09:31 - 2013-06-04 10:39 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2016-11-21 09:31 - 2013-02-27 14:13 - 00000000 ____D C:\Users\ben\AppData\Roaming\Adobe
2016-11-21 09:12 - 2013-03-06 08:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-21 09:05 - 2015-03-24 07:11 - 00000000 ____D C:\Users\ben\AppData\Local\CrashDumps
2016-11-21 08:52 - 2013-02-22 14:14 - 00001698 _____ C:\Users\User133\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-21 08:52 - 2013-02-22 14:14 - 00001698 _____ C:\Users\User133\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-11-21 08:51 - 2013-04-12 07:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-21 08:50 - 2013-05-17 17:38 - 00000000 ____D C:\Program Files (x86)\jZip
2016-11-21 08:47 - 2013-02-27 14:16 - 00000000 ____D C:\Outlook
2016-11-21 08:06 - 2016-07-14 08:13 - 00000000 ____D C:\ProgramData\ManagedAntivirus
2016-11-21 08:01 - 2016-08-02 09:23 - 00000000 ____D C:\Program Files\Common Files\Managed Antivirus
2016-11-21 08:01 - 2009-07-14 01:13 - 00786538 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-21 08:01 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-21 08:01 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-21 08:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-11-21 07:58 - 2015-05-19 08:55 - 00000000 ___RD C:\Users\ben\Dropbox
2016-11-21 07:56 - 2013-04-12 07:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-21 07:56 - 2013-02-28 10:26 - 00000000 ____D C:\Users\ben\AppData\Local\LogMeIn Hamachi
2016-11-21 07:55 - 2013-02-27 14:07 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2016-11-21 07:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-21 03:00 - 2013-02-27 14:28 - 00002148 _____ C:\Windows\epplauncher.mif
2016-11-20 23:32 - 2015-06-24 09:10 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-56489839-2000681604-3146556970-1146Core.job
2016-11-20 20:12 - 2013-05-06 15:57 - 00000000 ____D C:\ProgramData\MFAData
2016-11-20 18:57 - 2016-09-20 22:11 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-11-18 14:35 - 2013-05-20 18:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-18 10:50 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-11-18 10:38 - 2016-07-24 23:17 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-11-18 10:38 - 2016-07-24 23:17 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-11-18 10:38 - 2009-07-13 22:34 - 26738688 _____ C:\Windows\system32\config\SYSTEM.bak
2016-11-18 10:38 - 2009-07-13 22:34 - 169345024 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-11-18 10:38 - 2009-07-13 22:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2016-11-18 10:38 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-11-17 13:31 - 2015-07-14 12:16 - 00000937 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-11-17 09:51 - 2014-12-12 12:43 - 00026660 _____ C:\Windows\BRRBCOM.INI
2016-11-16 01:15 - 2013-02-27 15:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-14 17:14 - 2013-03-04 08:54 - 00000000 ____D C:\Users\ben\AppData\Roaming\FileZilla
2016-11-14 16:53 - 2013-04-12 07:02 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 19:12 - 2013-03-06 08:45 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-11 19:12 - 2013-03-06 08:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-11 19:12 - 2013-03-06 08:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-11 19:12 - 2013-03-06 08:44 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-11 19:12 - 2012-11-23 02:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-11 13:47 - 2013-05-24 06:59 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-11-10 21:44 - 2015-07-14 15:21 - 00000000 ____D C:\ProgramData\AdvancedMonitoringAgentNetworkManagement
2016-11-10 14:05 - 2015-05-19 08:51 - 00000000 ____D C:\Users\ben\AppData\Roaming\Dropbox
2016-11-10 08:06 - 2016-10-05 07:02 - 05295225 ____H C:\Users\ben\AppData\Local\IconCache.db.backup
2016-11-09 23:27 - 2015-06-24 09:10 - 00003880 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-56489839-2000681604-3146556970-1146UA
2016-11-09 23:27 - 2015-06-24 09:10 - 00003484 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-56489839-2000681604-3146556970-1146Core
2016-11-09 15:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 07:57 - 2009-07-14 00:45 - 00453144 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 03:09 - 2013-08-14 16:21 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 03:03 - 2013-02-26 10:27 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-07 18:14 - 2014-12-23 17:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-28 11:21 - 2013-02-27 14:23 - 00000000 ____D C:\Users\ben\AppData\Local\Google
2016-10-25 07:12 - 2013-10-22 07:12 - 00000000 ____D C:\ProgramData\Oracle
2016-10-25 07:11 - 2014-07-21 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-25 07:11 - 2013-06-27 07:12 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-25 07:09 - 2014-07-21 07:12 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
 
==================== Files in the root of some directories =======
 
2016-11-18 10:48 - 2016-11-18 10:48 - 0239765 _____ () C:\ProgramData\1479480336.bdinstall.bin
2016-11-21 07:53 - 2016-11-21 07:53 - 0113139 _____ () C:\ProgramData\1479729089.bdinstall.bin
2016-11-21 08:06 - 2016-11-21 08:06 - 0245424 _____ () C:\ProgramData\1479729633.bdinstall.bin
2013-02-27 14:56 - 2013-02-27 14:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-14 00:13
 
==================== End of FRST.txt ============================

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,175 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:50 AM

Posted 21 November 2016 - 11:07 AM

Remove this Browser Hijacker via the Control Panel > Programs > Programs and features.
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7LENP_enCA525
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7LENP_enCA525
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-21]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {0AC452C7-ED53-42AB-9907-8E0948322979} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {5841D2FC-C094-40E1-B064-721CA89A419F} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION
Task: {B2B60189-11A2-4D16-B4BC-E4903741C879} - \0116tbUpdateInfo -> No File <==== ATTENTION
Task: {EA7DB238-1A1F-4DD8-8DB7-E407E1D20050} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -> No File <==== ATTENTION
Task: {EC38F964-17CB-489A-80A1-CE79A87FCA43} - \1214tbUpdateInfo -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\ben\Downloads\7z1602-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\ben\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\ben\Downloads\RapportSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\ben\Downloads\SpyHunter-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\ben\Downloads\zoek.exe:BDU [0]
FirewallRules: [{9350436A-D9A8-4F41-B3A6-6A873EE13F87}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{F9370EEB-5A63-48D8-B52D-2DC7D9F3E6DE}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{7DBFEF9E-2CE4-4506-A9A1-CA6892ED56BE}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe

reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 Ben00

Ben00
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 21 November 2016 - 12:37 PM

Went to uninstall the "File Type Assistant" program and got the following error message. "An error occurred while trying to uninstall File Type Assistant. It may have already been uninstalled. Would you like to remove File Type Assistant from the Programs and Features list?" to which I said yes.

 

Here is the fixlog.txt. All does seem to be well. Thanks again!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by ben (21-11-2016 13:17:41) Run:1
Running from C:\Users\ben\Downloads
Loaded Profiles: ben (Available Profiles: User133 & ben & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7LENP_enCA525
SearchScopes: HKU\S-1-5-21-56489839-2000681604-3146556970-1146 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7LENP_enCA525
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-21]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {0AC452C7-ED53-42AB-9907-8E0948322979} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {5841D2FC-C094-40E1-B064-721CA89A419F} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION
Task: {B2B60189-11A2-4D16-B4BC-E4903741C879} - \0116tbUpdateInfo -> No File <==== ATTENTION
Task: {EA7DB238-1A1F-4DD8-8DB7-E407E1D20050} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -> No File <==== ATTENTION
Task: {EC38F964-17CB-489A-80A1-CE79A87FCA43} - \1214tbUpdateInfo -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\ben\Downloads\7z1602-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\ben\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\ben\Downloads\RapportSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\ben\Downloads\SpyHunter-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\ben\Downloads\zoek.exe:BDU [0]
FirewallRules: [{9350436A-D9A8-4F41-B3A6-6A873EE13F87}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{F9370EEB-5A63-48D8-B52D-2DC7D9F3E6DE}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{7DBFEF9E-2CE4-4506-A9A1-CA6892ED56BE}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
 
reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-56489839-2000681604-3146556970-1146\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKCR\PROTOCOLS\Handler\viprotocol" => key removed successfully
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
catchme => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AC452C7-ED53-42AB-9907-8E0948322979}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AC452C7-ED53-42AB-9907-8E0948322979}" => key removed successfully
C:\Windows\System32\Tasks\ProgramRefresh-ATFST => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5841D2FC-C094-40E1-B064-721CA89A419F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5841D2FC-C094-40E1-B064-721CA89A419F}" => key removed successfully
C:\Windows\System32\Tasks\ProgramUpdateCheck => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2B60189-11A2-4D16-B4BC-E4903741C879}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B60189-11A2-4D16-B4BC-E4903741C879}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0116tbUpdateInfo => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA7DB238-1A1F-4DD8-8DB7-E407E1D20050}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA7DB238-1A1F-4DD8-8DB7-E407E1D20050}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC38F964-17CB-489A-80A1-CE79A87FCA43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC38F964-17CB-489A-80A1-CE79A87FCA43}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1214tbUpdateInfo => key not found. 
C:\Users\ben\Downloads\7z1602-x64.exe => ":BDU" ADS removed successfully.
C:\Users\ben\Downloads\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\ben\Downloads\RapportSetup.exe => ":BDU" ADS removed successfully.
C:\Users\ben\Downloads\SpyHunter-Installer.exe => ":BDU" ADS removed successfully.
C:\Users\ben\Downloads\zoek.exe => ":BDU" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9350436A-D9A8-4F41-B3A6-6A873EE13F87} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9370EEB-5A63-48D8-B52D-2DC7D9F3E6DE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DBFEF9E-2CE4-4506-A9A1-CA6892ED56BE} => value removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 528428078 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 59190138 B
Edge => 0 B
Chrome => 474971770 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 39793 B
LocalService => 128 B
NetworkService => 0 B
User133 => 556636 B
ben => 253394663 B
administrator => 56597 B
 
RecycleBin => 1463014 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:18:42 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,175 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:50 AM

Posted 22 November 2016 - 09:03 AM

All is well?

#7 Ben00

Ben00
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 22 November 2016 - 09:34 AM

Yes all seems to be well. Thanks!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,175 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:50 AM

Posted 22 November 2016 - 01:05 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users