
Infection causes empazon.ru popups among others



#1 towt

Posted 27 January 2017 - 07:49 PM

I've been having this rather stubborn infection that puts popups up. I found it to be related to a program called electorate.exe which I removed. To date I've run RogueKiller, MalwareBytes, Windows Defender, IOBit Malware Fighter, SpybotSD and adwcleaner.

I've reset IE to default settings and removed the link from the shortcuts on the desktop.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by jande (administrator) on DESKTOP-SLRRCRP (27-01-2017 17:44:32)
Running from C:\Users\foxte\Desktop
Loaded Profiles: foxte & jande (Available Profiles: foxte & jande)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-02-27] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-28] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [655112 2015-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-09-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\jande\AppData\Local\Temp\DeleteOnReboot.bat [537 2017-01-27] () <===== ATTENTION
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [CrashPlanTray] => C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe [461184 2016-10-17] (Code 42 Software, Inc.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [CrashPlanService] => C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanService.vbs [543 2016-10-17] ()
HKU\S-1-5-21-1579387160-2240839606-3803936683-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C3].txt
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\Users\foxte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\showdowns.lnk [2017-01-19]
ShortcutTarget: showdowns.lnk -> C:\Program Files (x86)\Waterville\electorate.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5aa9cb54-17d7-4e73-9abe-c0007dd531ac}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5aa9cb54-17d7-4e73-9abe-c0007dd531ac}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6669064c-34dc-4543-a0aa-aecdf7c2e7df}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{85aa276d-43c5-4200-a3aa-6aca35d099e2}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{bce8ca6c-b278-4b7f-be15-7f8591da73af}: [DhcpNameServer] 82.163.143.176
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131195452313680642&GUID=60E92502-3512-4FBE-9DCA-88BD9DA6B959
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131195452313701327&GUID=60E92502-3512-4FBE-9DCA-88BD9DA6B959
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1579387160-2240839606-3803936683-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1579387160-2240839606-3803936683-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1579387160-2240839606-3803936683-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default [2017-01-27]
CHR Extension: (Google Slides) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-18]
CHR Extension: (Google Docs) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-18]
CHR Extension: (Google Drive) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Adobe Acrobat) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-18]
CHR Extension: (Google Sheets) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [121048 2015-08-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-03-18] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-25] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-03] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1392792 2016-02-06] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [604936 2015-08-17] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-03-18] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2016-02-27] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7496464 2016-09-20] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 busbcrw; C:\WINDOWS\System32\Drivers\bucrw64.sys [25600 2006-10-27] (Brother Industries, Ltd.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-12-26] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2016-02-06] (Intel Corporation)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-26] (REALiX™)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-12-26] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-12-26] (Realtek Semiconductor Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761560 2015-12-26] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)
S3 xtouch; C:\WINDOWS\System32\drivers\xtouch.sys [173080 2016-02-06] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-27 17:41 - 2017-01-27 17:42 - 00168501 _____ C:\Users\foxte\Desktop\Addition.txt
2017-01-27 17:39 - 2017-01-27 17:44 - 00026566 _____ C:\Users\foxte\Desktop\FRST.txt
2017-01-27 17:38 - 2017-01-27 17:39 - 02420736 _____ (Farbar) C:\Users\foxte\Desktop\FRST64.exe
2017-01-27 17:37 - 2017-01-27 17:38 - 01762816 _____ (Farbar) C:\Users\foxte\Downloads\FRST.exe
2017-01-27 17:27 - 2017-01-27 17:27 - 00002496 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_foxte
2017-01-27 17:27 - 2017-01-27 17:27 - 00000310 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_foxte.job
2017-01-27 17:27 - 2017-01-27 17:27 - 00000000 ____D C:\Users\jande\AppData\Roaming\ProductData
2017-01-27 17:27 - 2017-01-27 17:27 - 00000000 ____D C:\ProgramData\ProductData
2017-01-27 17:00 - 2017-01-27 17:00 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-27 16:45 - 2017-01-27 17:26 - 00000670 _____ C:\Users\jande\Desktop\JRT.txt
2017-01-27 16:41 - 2017-01-27 16:42 - 01663040 _____ (Malwarebytes) C:\Users\foxte\Downloads\JRT.exe
2017-01-27 16:40 - 2017-01-27 16:41 - 04015056 _____ C:\Users\foxte\Downloads\adwcleaner_6.043.exe
2017-01-27 12:53 - 2017-01-27 12:53 - 00000000 ____D C:\Users\jande\AppData\Local\PackageStaging
2017-01-27 12:47 - 2017-01-27 12:47 - 00000000 ____D C:\Users\jande\AppData\Roaming\Hewlett-Packard
2017-01-27 10:26 - 2017-01-27 12:51 - 00000000 ____D C:\Users\jande\AppData\Roaming\DropboxOEM
2017-01-27 10:26 - 2017-01-27 10:26 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-27 10:25 - 2017-01-27 10:25 - 00002374 _____ C:\Users\jande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 09:53 - 2017-01-27 09:53 - 00059904 _____ C:\Users\foxte\Desktop\New Microsoft Publisher Document.pub
2017-01-27 09:03 - 2017-01-27 09:03 - 00826248 _____ (HP Inc.) C:\Users\foxte\Downloads\HPBRCULauncher.exe
2017-01-24 17:20 - 2016-12-21 00:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 17:20 - 2016-12-20 21:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 16:37 - 2017-01-24 16:37 - 00000912 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-24 16:36 - 2017-01-24 16:37 - 34726608 _____ (Adlice Software ) C:\Users\foxte\Downloads\setup (2).exe
2017-01-23 20:31 - 2017-01-23 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-23 18:31 - 2017-01-23 18:31 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-23 18:31 - 2017-01-23 18:31 - 00002374 _____ C:\Users\foxte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-20 12:02 - 2017-01-20 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-20 12:01 - 2017-01-20 12:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-01-20 12:01 - 2017-01-20 12:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-01-20 02:58 - 2017-01-18 13:59 - 00008325 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170120-025826.backup
2017-01-19 23:49 - 2017-01-20 08:41 - 00002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 19:13 - 2017-01-18 19:13 - 03017720 _____ (Google) C:\Users\foxte\Downloads\chrome_cleanup_tool.exe
2017-01-18 19:13 - 2017-01-18 19:13 - 03017720 _____ (Google) C:\Users\foxte\Desktop\chrome_cleanup_tool.exe
2017-01-18 19:05 - 2017-01-20 08:41 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-18 19:04 - 2017-01-18 19:18 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-18 19:04 - 2017-01-18 19:18 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-18 19:03 - 2017-01-18 19:03 - 01065376 _____ (Google Inc.) C:\Users\foxte\Downloads\ChromeSetup (3).exe
2017-01-18 17:14 - 2017-01-18 17:14 - 01065376 _____ (Google Inc.) C:\Users\jande\Downloads\ChromeSetup.exe
2017-01-18 17:12 - 2017-01-18 17:12 - 00000000 ____D C:\Users\jande\AppData\Local\MicrosoftEdge
2017-01-18 16:33 - 2017-01-18 16:33 - 00000000 ____D C:\Users\jande\AppData\Local\NetworkTiles
2017-01-18 16:00 - 2017-01-27 10:25 - 00000000 ___RD C:\Users\jande\OneDrive
2017-01-18 16:00 - 2017-01-18 16:00 - 00000000 ____D C:\Users\jande\AppData\Roaming\Skype
2017-01-18 15:58 - 2017-01-18 15:58 - 00000000 ____D C:\Users\jande\AppData\Local\Hewlett-Packard
2017-01-18 15:58 - 2017-01-18 15:58 - 00000000 ____D C:\Users\jande\AppData\Local\DropboxOEM
2017-01-18 15:56 - 2017-01-18 15:56 - 00000000 ____D C:\Users\jande\AppData\Local\Comms
2017-01-18 15:55 - 2017-01-18 15:56 - 00000000 ____D C:\Users\jande\AppData\Local\Dropbox
2017-01-18 15:55 - 2017-01-18 15:55 - 00000000 ____D C:\Users\jande\AppData\Roaming\Macromedia
2017-01-18 15:55 - 2017-01-18 15:55 - 00000000 ____D C:\Users\jande\AppData\LocalLow\IObit
2017-01-18 15:55 - 2017-01-18 15:55 - 00000000 ____D C:\Users\jande\AppData\Local\CyberLink
2017-01-18 15:54 - 2017-01-18 15:54 - 00000000 ____D C:\Users\jande\AppData\Roaming\Apple Computer
2017-01-18 15:52 - 2017-01-27 13:07 - 00000000 ____D C:\Users\jande\AppData\Local\Packages
2017-01-18 15:52 - 2017-01-18 19:18 - 00000000 ____D C:\Users\jande\AppData\Local\Google
2017-01-18 15:52 - 2017-01-18 15:52 - 00000000 ____D C:\Users\jande\AppData\Roaming\Adobe
2017-01-18 15:52 - 2017-01-18 15:52 - 00000000 ____D C:\Users\jande\AppData\Local\VirtualStore
2017-01-18 15:52 - 2017-01-18 15:52 - 00000000 ____D C:\Users\jande\AppData\Local\Publishers
2017-01-18 15:51 - 2017-01-27 10:23 - 00000000 __SHD C:\Users\jande\IntelGraphicsProfiles
2017-01-18 15:51 - 2017-01-20 02:52 - 00000000 ____D C:\Users\jande\AppData\Roaming\IObit
2017-01-18 15:51 - 2017-01-18 16:03 - 00000000 ____D C:\Users\jande\AppData\Local\ConnectedDevicesPlatform
2017-01-18 15:51 - 2017-01-18 16:03 - 00000000 ____D C:\Users\jande
2017-01-18 15:51 - 2017-01-18 15:51 - 00000020 ___SH C:\Users\jande\ntuser.ini
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 _SHDL C:\Users\jande\My Documents
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 _SHDL C:\Users\jande\Documents\My Videos
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 _SHDL C:\Users\jande\Documents\My Pictures
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 _SHDL C:\Users\jande\Documents\My Music
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 ____D C:\Users\jande\Documents\My Bluetooth
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 ____D C:\Users\jande\AppData\Roaming\Synaptics
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 ____D C:\Users\jande\AppData\Local\TileDataLayer
2017-01-18 15:51 - 2016-09-28 20:01 - 00000000 ____D C:\Users\jande\Documents\SmartScreen
2017-01-18 15:51 - 2016-09-28 20:01 - 00000000 ____D C:\Users\jande\Documents\hp.system.package.metadata
2017-01-18 15:51 - 2016-09-28 20:01 - 00000000 ____D C:\Users\jande\Documents\hp.applications.package.appdata
2017-01-18 15:51 - 2016-09-28 20:01 - 00000000 ____D C:\Users\jande\Act
2017-01-18 15:51 - 2016-09-13 05:15 - 00000040 _____ C:\Users\jande\Downloads\Thankyou.bat
2017-01-18 13:58 - 2017-01-18 13:58 - 112283648 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2017-01-18 13:58 - 2017-01-18 13:58 - 00438272 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2017-01-18 13:58 - 2017-01-18 13:58 - 00036864 _____ C:\WINDOWS\system32\config\SAM.iobit
2017-01-18 13:58 - 2017-01-18 13:58 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2017-01-18 13:47 - 2017-01-18 13:47 - 00795640 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2017-01-18 13:26 - 2017-01-18 13:26 - 00000000 ____D C:\f72f146ea9a3f77c598da0c08e395601
2017-01-18 13:10 - 2016-12-22 16:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-18 13:10 - 2016-12-22 16:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-17 16:11 - 2017-01-17 16:11 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-01-17 09:48 - 2017-01-26 10:59 - 00003144 _____ C:\WINDOWS\System32\Tasks\{78EC0D10-E56E-5818-1410-43AEEDE62B02}
2017-01-17 09:42 - 2017-01-18 15:37 - 00000000 ____D C:\Program Files\COMODO
2017-01-17 09:42 - 2017-01-18 02:27 - 00000000 ____D C:\ProgramData\COMODO
2017-01-17 05:49 - 2017-01-17 05:49 - 00000000 ____D C:\Users\foxte\AppData\Local\CrashRpt
2017-01-17 05:34 - 2017-01-17 05:34 - 00000000 ____D C:\Users\foxte\AppData\Roaming\Mozilla
2017-01-17 05:28 - 2017-01-17 06:05 - 00000000 ____D C:\Users\foxte\AppData\Local\app
2017-01-17 05:25 - 2017-01-19 09:59 - 00000000 ___HD C:\Program Files (x86)\Verifications
2017-01-17 05:19 - 2017-01-17 05:19 - 00140288 _____ C:\Users\foxte\AppData\Roaming\Installer.dat
2017-01-17 05:19 - 2017-01-17 05:19 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-17 05:18 - 2017-01-17 05:18 - 00000000 _____ C:\TOSTACK
2017-01-17 04:41 - 2017-01-17 04:41 - 00009216 _____ (Electorate) C:\WINDOWS\vsop.exe
2017-01-17 02:04 - 2017-01-17 02:04 - 00282624 ____H C:\WINDOWS\system32\BIT7D94.tmp
2017-01-17 02:04 - 2017-01-17 02:04 - 00282624 ____H C:\WINDOWS\system32\BIT7D45.tmp
2017-01-17 02:04 - 2017-01-17 02:04 - 00282624 ____H C:\WINDOWS\system32\BIT655A.tmp
2017-01-12 20:37 - 2017-01-12 20:37 - 03884177 _____ C:\Users\foxte\Desktop\movies 2016.mvc
2017-01-12 19:10 - 2017-01-12 19:10 - 00000000 ____D C:\Users\foxte\Documents\Movie Collector
2017-01-12 18:55 - 2017-01-18 12:59 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForfoxte.job
2017-01-12 18:55 - 2017-01-16 18:55 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForfoxte
2017-01-12 17:39 - 2016-12-21 01:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 17:39 - 2016-12-21 00:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-12 17:39 - 2016-12-21 00:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-12 17:39 - 2016-12-20 23:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-12 17:39 - 2016-12-20 23:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-12 17:39 - 2016-12-20 23:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-12 17:39 - 2016-12-20 23:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-12 17:39 - 2016-12-20 23:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-12 17:39 - 2016-12-20 22:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-12 17:39 - 2016-12-20 22:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-12 17:39 - 2016-12-20 22:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-12 17:39 - 2016-12-20 21:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-12 17:39 - 2016-12-20 21:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-12 17:39 - 2016-12-20 21:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-12 17:39 - 2016-12-20 21:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-12 17:39 - 2016-12-20 21:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-12 17:39 - 2016-12-20 21:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-12 17:39 - 2016-12-20 21:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-12 17:39 - 2016-12-20 21:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-12 17:39 - 2016-12-13 22:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-12 17:39 - 2016-12-13 22:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-12 17:39 - 2016-12-13 21:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-12 17:39 - 2016-12-13 21:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-12 17:39 - 2016-12-13 21:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-12 17:39 - 2016-12-13 21:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-12 17:39 - 2016-12-13 21:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-12 17:39 - 2016-12-13 21:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-12 17:39 - 2016-12-13 21:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-12 17:39 - 2016-12-13 21:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-12 17:39 - 2016-12-13 21:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-12 17:38 - 2016-12-21 01:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-12 17:38 - 2016-12-21 00:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-12 17:38 - 2016-12-21 00:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-12 17:38 - 2016-12-21 00:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 17:38 - 2016-12-21 00:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-12 17:38 - 2016-12-21 00:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-12 17:38 - 2016-12-20 23:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-12 17:38 - 2016-12-20 23:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-12 17:38 - 2016-12-20 23:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-12 17:38 - 2016-12-20 23:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 17:38 - 2016-12-20 23:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-12 17:38 - 2016-12-20 23:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-12 17:38 - 2016-12-20 23:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-12 17:38 - 2016-12-20 23:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-12 17:38 - 2016-12-20 21:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-12 17:38 - 2016-12-20 21:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-12 17:38 - 2016-12-20 21:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-12 17:38 - 2016-12-20 21:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 17:38 - 2016-12-20 21:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-12 17:38 - 2016-12-20 21:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-12 17:38 - 2016-12-20 21:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-12 17:38 - 2016-12-20 21:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-12 17:38 - 2016-12-20 21:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 17:38 - 2016-12-13 22:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-12 17:38 - 2016-12-13 22:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-12 17:38 - 2016-12-13 22:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-12 17:38 - 2016-12-13 22:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-12 17:38 - 2016-12-13 21:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-12 17:38 - 2016-12-13 21:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-12 17:38 - 2016-12-13 21:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-12 17:38 - 2016-12-13 21:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-12 17:38 - 2016-12-13 21:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-12 17:38 - 2016-12-13 21:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-12 17:38 - 2016-12-13 21:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-12 17:38 - 2016-12-13 21:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-12 17:38 - 2016-12-13 21:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-12 17:38 - 2016-12-13 21:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-12 17:38 - 2016-12-13 21:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-12 17:38 - 2016-12-13 21:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-12 17:38 - 2016-12-13 21:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-12 17:38 - 2016-12-13 21:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-12 17:37 - 2016-12-21 01:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-12 17:37 - 2016-12-21 00:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-12 17:37 - 2016-12-21 00:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-12 17:37 - 2016-12-21 00:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-12 17:37 - 2016-12-21 00:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-12 17:37 - 2016-12-21 00:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-12 17:37 - 2016-12-21 00:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-12 17:37 - 2016-12-21 00:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-12 17:37 - 2016-12-21 00:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-12 17:37 - 2016-12-21 00:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-12 17:37 - 2016-12-21 00:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-12 17:37 - 2016-12-21 00:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-12 17:37 - 2016-12-20 23:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-12 17:37 - 2016-12-20 23:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-12 17:37 - 2016-12-20 23:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-12 17:37 - 2016-12-20 23:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-12 17:37 - 2016-12-20 23:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-12 17:37 - 2016-12-20 23:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-12 17:37 - 2016-12-20 23:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-12 17:37 - 2016-12-20 21:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-12 17:37 - 2016-12-20 21:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-12 17:37 - 2016-12-20 21:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-12 17:37 - 2016-12-20 21:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-12 17:37 - 2016-12-20 21:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-12 17:37 - 2016-12-20 21:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-12 17:37 - 2016-12-20 21:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-12 17:37 - 2016-12-20 21:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-12 17:37 - 2016-12-13 22:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-12 17:37 - 2016-12-13 22:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-12 17:37 - 2016-12-13 22:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-12 17:37 - 2016-12-13 22:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-12 17:37 - 2016-12-13 22:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-12 17:37 - 2016-12-13 22:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-12 17:37 - 2016-12-13 22:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-12 17:37 - 2016-12-13 22:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-12 17:37 - 2016-12-13 22:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-12 17:37 - 2016-12-13 21:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-12 17:37 - 2016-12-13 21:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-12 17:37 - 2016-12-13 21:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-12 17:37 - 2016-12-13 21:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-12 17:37 - 2016-12-13 21:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-12 17:37 - 2016-12-13 21:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-12 17:37 - 2016-12-13 21:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-12 17:37 - 2016-12-13 21:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-12 17:37 - 2016-12-13 21:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-12 17:37 - 2016-12-13 21:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-12 17:37 - 2016-12-13 21:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-12 17:37 - 2016-12-13 21:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-12 17:37 - 2016-12-13 21:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-12 17:37 - 2016-12-13 21:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-12 17:37 - 2016-12-13 21:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-12 17:37 - 2016-12-13 21:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-12 17:37 - 2016-12-13 21:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-12 17:37 - 2016-12-13 21:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-12 17:36 - 2016-12-21 00:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-12 17:36 - 2016-12-21 00:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-12 17:36 - 2016-12-21 00:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-12 17:36 - 2016-12-21 00:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-12 17:36 - 2016-12-21 00:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-12 17:36 - 2016-12-21 00:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-12 17:36 - 2016-12-13 21:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 17:36 - 2016-12-13 21:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-10 08:43 - 2017-01-10 08:43 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-10 07:39 - 2017-01-10 07:39 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-03 22:25 - 2017-01-03 22:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-31 20:01 - 2016-12-31 20:01 - 00011613 _____ C:\Users\foxte\Documents\quilt.docx
2016-12-30 13:43 - 2016-12-30 13:43 - 00111829 _____ C:\Users\foxte\Documents\dakota Christmas 2016.jpg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-27 17:44 - 2016-09-22 23:00 - 00000000 ____D C:\FRST
2017-01-27 17:29 - 2016-09-22 13:52 - 00000000 ____D C:\AdwCleaner
2017-01-27 17:29 - 2015-12-25 19:54 - 00000000 ____D C:\ProgramData\Laplink
2017-01-27 17:19 - 2016-09-28 10:01 - 00000000 ____D C:\Users\foxte\AppData\Local\CrashDumps
2017-01-27 17:06 - 2016-09-28 19:49 - 01580694 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-27 17:05 - 2015-12-25 19:53 - 00000000 ___RD C:\Users\foxte\Dropbox
2017-01-27 17:00 - 2015-12-25 19:15 - 00000000 __SHD C:\Users\foxte\IntelGraphicsProfiles
2017-01-27 16:59 - 2016-09-28 20:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-27 16:58 - 2016-07-15 23:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-27 16:57 - 2016-09-28 19:51 - 00000000 ____D C:\Users\foxte
2017-01-27 16:51 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-27 16:36 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 16:36 - 2015-12-25 19:15 - 00000000 ____D C:\Users\foxte\AppData\Local\Packages
2017-01-27 16:26 - 2016-09-28 19:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-27 12:26 - 2015-07-15 23:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-27 10:25 - 2016-09-22 14:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 10:49 - 2016-12-18 15:36 - 00009406 _____ C:\Users\foxte\AppData\Roaming\Comma Separated Values.EML
2017-01-24 19:59 - 2015-12-25 20:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-24 18:08 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-23 20:32 - 2015-11-29 13:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-23 20:18 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-23 18:31 - 2015-12-25 19:22 - 00000000 ___RD C:\Users\foxte\OneDrive
2017-01-22 21:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\tracing
2017-01-20 16:36 - 2016-03-05 06:13 - 00002247 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\TAPI
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Resources
2017-01-20 13:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-20 08:41 - 2016-11-24 11:26 - 00001240 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2017-01-20 08:41 - 2016-10-07 07:42 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11 Host.lnk
2017-01-20 08:41 - 2016-10-07 07:42 - 00001033 _____ C:\Users\Public\Desktop\TeamViewer 11 Host.lnk
2017-01-20 08:41 - 2016-09-28 20:01 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-20 08:41 - 2016-09-22 13:54 - 00001192 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-20 08:41 - 2016-09-22 13:44 - 00001477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-20 08:41 - 2016-09-22 13:44 - 00001471 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-01-20 08:41 - 2016-06-18 06:15 - 00002234 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2017-01-20 08:41 - 2016-06-09 06:55 - 00001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-20 08:41 - 2016-06-09 06:55 - 00001095 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-01-20 08:41 - 2016-03-25 19:42 - 00002035 _____ C:\Users\Public\Desktop\Pulse Ambassador.lnk
2017-01-20 08:41 - 2016-03-12 20:04 - 00002133 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-01-20 08:41 - 2016-03-12 14:58 - 00001184 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2017-01-20 08:41 - 2016-03-05 06:13 - 00001450 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-01-20 08:41 - 2016-01-27 21:13 - 00001263 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-01-20 08:41 - 2015-12-31 15:14 - 00001921 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-01-20 08:41 - 2015-12-26 09:44 - 00001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-20 08:41 - 2015-12-26 09:40 - 00002567 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-20 08:41 - 2015-12-25 19:16 - 00001292 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2017-01-20 08:41 - 2015-11-29 13:30 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2017-01-20 08:41 - 2015-11-29 13:25 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk
2017-01-20 02:55 - 2016-09-22 13:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-19 01:04 - 2016-12-09 15:09 - 00001237 _____ C:\Users\foxte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Defrag.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001194 _____ C:\Users\foxte\Desktop\XFINITY Connect.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001166 _____ C:\Users\foxte\Desktop\Constant Guard Protection Suite.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001160 _____ C:\Users\foxte\Desktop\XFINITY TV.lnk
2017-01-19 01:03 - 2016-01-20 20:42 - 00001323 _____ C:\Users\foxte\Desktop\PES Files - Shortcut.lnk
2017-01-19 01:03 - 2015-12-31 15:06 - 00001480 _____ C:\Users\foxte\Desktop\HP Scan and Capture.lnk
2017-01-19 01:03 - 2015-12-25 19:53 - 00001310 _____ C:\Users\foxte\Desktop\Dropbox.lnk
2017-01-18 19:04 - 2015-12-25 20:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-18 13:07 - 2016-09-28 19:40 - 00345608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-16 09:10 - 2015-12-26 18:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-16 09:05 - 2015-12-26 18:55 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 08:43 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-10 08:43 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-10 08:41 - 2015-12-25 20:02 - 00000000 ____D C:\Program Files\Microsoft Office
 
==================== Files in the root of some directories =======
 
2017-01-18 15:51 - 2017-01-27 16:26 - 0004260 _____ () C:\Users\jande\AppData\Local\BTServer.log
 
Files to move or delete:
====================
C:\Users\jande\AppData\Local\Temp\DeleteOnReboot.bat
 
 
Some files in TEMP:
====================
2017-01-17 09:48 - 2017-01-17 09:48 - 1178112 _____ () C:\Users\foxte\AppData\Local\Temp\104036690.t.exe
2017-01-18 04:44 - 2017-01-18 04:44 - 1178112 _____ () C:\Users\foxte\AppData\Local\Temp\118138604.t.exe
2017-01-17 23:52 - 2017-01-17 23:52 - 0986624 _____ () C:\Users\foxte\AppData\Local\Temp\128278590.t.exe
2017-01-17 23:52 - 2017-01-17 23:52 - 0986624 _____ () C:\Users\foxte\AppData\Local\Temp\14590002.t.exe
2017-01-18 14:21 - 2017-01-18 14:21 - 1233121 _____ (Cusecebe                                                    ) C:\Users\foxte\AppData\Local\Temp\14C.tmp.exe
2017-01-17 22:16 - 2017-01-17 22:16 - 1178112 _____ () C:\Users\foxte\AppData\Local\Temp\2196758.t.exe
2017-01-18 04:44 - 2017-01-18 04:44 - 1178112 _____ () C:\Users\foxte\AppData\Local\Temp\39554421.t.exe
2017-01-17 22:16 - 2017-01-17 22:16 - 1178112 _____ () C:\Users\foxte\AppData\Local\Temp\48708862.t.exe
2017-01-18 14:27 - 2017-01-18 14:27 - 1233121 _____ (Cusecebe                                                    ) C:\Users\foxte\AppData\Local\Temp\564B.tmp.exe
2017-01-17 09:48 - 2017-01-17 09:48 - 1178112 _____ () C:\Users\foxte\AppData\Local\Temp\89264421.t.exe
2017-01-18 14:00 - 2017-01-18 14:00 - 1233121 _____ (Cusecebe                                                    ) C:\Users\foxte\AppData\Local\Temp\BD19.tmp.exe
2017-01-18 14:16 - 2017-01-18 14:16 - 1233121 _____ (Cusecebe                                                    ) C:\Users\foxte\AppData\Local\Temp\D88.tmp.exe
2017-01-18 14:07 - 2017-01-18 14:07 - 1233121 _____ (Cusecebe                                                    ) C:\Users\foxte\AppData\Local\Temp\F275.tmp.exe
2017-01-17 05:18 - 2017-01-17 05:18 - 0083062 _____ () C:\Users\foxte\AppData\Local\Temp\of.2.exe
2017-01-18 16:05 - 2016-11-11 03:13 - 1886344 _____ (Microsoft Corporation) C:\Users\jande\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

 

 


#2 Starbuck


  • Malware Response Team

Posted 28 January 2017 - 02:52 PM

Hi towt

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

Step 1
Recommendation.

I recommend that you uninstall the following programs:
  • Advanced SystemCare 9
  • Driver Booster 3.4
  • IObit Malware Fighter 3
  • IObit Uninstaller
  • Smart Defrag 5
  • Surfing Protection
  • Spybot - Search & Destroy
Most of these are not needed and may well cause conflicts on your system.
Plus we haven't recommended Spybot for a long time... due to very poor detection results.

QuickTime

Please uninstall QuickTime for Windows.

It is now a security risk:
Apple is deprecating QuickTime for Microsoft Windows.
They will no longer be issuing security updates for the product on the Windows Platform and as such they recommend users uninstall it.

And because Apple is no longer providing security updates for QuickTime on Windows, the present vulnerabilities are never going to be patched.


Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 3
Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Fixlog.txt
New set of FRST reports.

Also let me know if you are still getting the popups.


Thanks.

Attached Files


Edited by Starbuck, 28 January 2017 - 02:58 PM.


#3 towt

  • Topic Starter


Posted 28 January 2017 - 08:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by foxte (ATTENTION: The user is not administrator) on DESKTOP-SLRRCRP (28-01-2017 18:05:55)
Running from C:\Users\foxte\Desktop
Loaded Profiles: foxte (Available Profiles: foxte & jande)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> hpservice.exe
Failed to access process -> RtkAudioService64.exe
Failed to access process -> RAVBg64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> dasHost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> armsvc.exe
Failed to access process -> BTDevMgr.exe
Failed to access process -> LiveUpdate.exe
Failed to access process -> svchost.exe
Failed to access process -> esif_uf.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> HPWMISVC.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> SynTPEnhService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> TeamViewer_Service.exe
Failed to access process -> RichVideo64.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> DbxSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> MBAMService.exe
() C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Failed to access process -> PresentationFontCache.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
Failed to access process -> tv_w32.exe
Failed to access process -> tv_x64.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Code 42 Software, Inc.) C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
Failed to access process -> iPodService.exe
Failed to access process -> aesm_service.exe
(Code 42 Software) C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> hpqwmiex.exe
Failed to access process -> GamesAppIntegrationService.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> MpCmdRun.exe
Failed to access process -> jhi_service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
Failed to access process -> TeamViewer_Desktop.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-02-27] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-28] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [655112 2015-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-09-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [CrashPlanTray] => C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe [461184 2016-10-17] (Code 42 Software, Inc.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [Advanced SystemCare 9] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [CrashPlanService] => C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanService.vbs [543 2016-10-17] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5aa9cb54-17d7-4e73-9abe-c0007dd531ac}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5aa9cb54-17d7-4e73-9abe-c0007dd531ac}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6669064c-34dc-4543-a0aa-aecdf7c2e7df}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{85aa276d-43c5-4200-a3aa-6aca35d099e2}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{bce8ca6c-b278-4b7f-be15-7f8591da73af}: [DhcpNameServer] 82.163.143.176
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131195452313680642&GUID=60E92502-3512-4FBE-9DCA-88BD9DA6B959
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131195452313701327&GUID=60E92502-3512-4FBE-9DCA-88BD9DA6B959
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-1579387160-2240839606-3803936683-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1579387160-2240839606-3803936683-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
Edge: 
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 []
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=H1Hzftpbl0cshmoBU,3f2403de-c036-4f8f-b736-799bcb34153e,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default [2017-01-27]
CHR Extension: (Google Slides) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-25]
CHR Extension: (Google Docs) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-25]
CHR Extension: (Google Drive) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-25]
CHR Extension: (YouTube) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-25]
CHR Extension: (Adobe Acrobat) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-18]
CHR Extension: (Google Sheets) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-25]
CHR Extension: (Google Docs Offline) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-25]
CHR Extension: (Chrome Media Router) - C:\Users\foxte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [121048 2015-08-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-03-18] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-25] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-03] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1392792 2016-02-06] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [604936 2015-08-17] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-03-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2016-02-27] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7496464 2016-09-20] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 busbcrw; C:\WINDOWS\System32\Drivers\bucrw64.sys [25600 2006-10-27] (Brother Industries, Ltd.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-12-26] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2016-02-06] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-26] (REALiX™)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-01-28] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-01-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-28] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-12-26] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-12-26] (Realtek Semiconductor Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761560 2015-12-26] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)
S3 xtouch; C:\WINDOWS\System32\drivers\xtouch.sys [173080 2016-02-06] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 17:32 - 2017-01-28 18:05 - 01388448 _____ C:\Users\Public\ASR.dat
2017-01-28 17:32 - 2017-01-28 17:32 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-28 14:19 - 2017-01-28 14:19 - 00002111 _____ C:\Users\foxte\Desktop\Fixlog.txt
2017-01-28 14:16 - 2017-01-28 14:16 - 02420736 _____ (Farbar) C:\Users\foxte\Desktop\FRST64.exe
2017-01-28 14:16 - 2017-01-28 14:16 - 00000000 ____D C:\Users\foxte\Desktop\FRST-OlderVersion
2017-01-28 14:14 - 2017-01-28 14:14 - 00001736 _____ C:\Users\foxte\Desktop\fixlist.txt
2017-01-28 14:14 - 2017-01-28 14:14 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-27 22:07 - 2017-01-27 22:07 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-27 22:06 - 2017-01-28 17:32 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-27 22:06 - 2017-01-28 17:32 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-27 22:06 - 2017-01-28 17:32 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-27 22:06 - 2017-01-28 17:32 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-27 22:06 - 2017-01-27 22:06 - 00001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-27 22:06 - 2017-01-27 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-27 22:06 - 2017-01-27 22:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 22:06 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-27 22:05 - 2017-01-27 22:06 - 55566792 _____ (Malwarebytes ) C:\Users\foxte\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-27 17:41 - 2017-01-27 17:48 - 00179732 _____ C:\Users\foxte\Desktop\Addition.txt
2017-01-27 17:39 - 2017-01-28 18:06 - 00026849 _____ C:\Users\foxte\Desktop\FRST.txt
2017-01-27 17:37 - 2017-01-27 17:38 - 01762816 _____ (Farbar) C:\Users\foxte\Downloads\FRST.exe
2017-01-27 17:27 - 2017-01-28 14:10 - 00000000 ____D C:\ProgramData\ProductData
2017-01-27 16:41 - 2017-01-27 16:42 - 01663040 _____ (Malwarebytes) C:\Users\foxte\Downloads\JRT.exe
2017-01-27 16:40 - 2017-01-27 16:41 - 04015056 _____ C:\Users\foxte\Downloads\adwcleaner_6.043.exe
2017-01-27 10:26 - 2017-01-27 10:26 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-27 09:53 - 2017-01-27 09:53 - 00059904 _____ C:\Users\foxte\Desktop\New Microsoft Publisher Document.pub
2017-01-27 09:03 - 2017-01-27 09:03 - 00826248 _____ (HP Inc.) C:\Users\foxte\Downloads\HPBRCULauncher.exe
2017-01-24 17:20 - 2016-12-21 00:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 17:20 - 2016-12-20 21:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 16:37 - 2017-01-24 16:37 - 00000912 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-24 16:36 - 2017-01-24 16:37 - 34726608 _____ (Adlice Software ) C:\Users\foxte\Downloads\setup (2).exe
2017-01-23 20:31 - 2017-01-23 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-23 18:31 - 2017-01-23 18:31 - 00002374 _____ C:\Users\foxte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-20 12:02 - 2017-01-20 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-20 12:01 - 2017-01-20 12:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-01-20 12:01 - 2017-01-20 12:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-01-20 02:58 - 2017-01-18 13:59 - 00008325 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170120-025826.backup
2017-01-19 23:49 - 2017-01-20 08:41 - 00002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 19:13 - 2017-01-18 19:13 - 03017720 _____ (Google) C:\Users\foxte\Downloads\chrome_cleanup_tool.exe
2017-01-18 19:13 - 2017-01-18 19:13 - 03017720 _____ (Google) C:\Users\foxte\Desktop\chrome_cleanup_tool.exe
2017-01-18 19:05 - 2017-01-20 08:41 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-18 19:03 - 2017-01-18 19:03 - 01065376 _____ (Google Inc.) C:\Users\foxte\Downloads\ChromeSetup (3).exe
2017-01-18 15:51 - 2017-01-28 17:32 - 00000000 ____D C:\Users\jande
2017-01-18 13:47 - 2017-01-18 13:47 - 00795640 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2017-01-18 13:26 - 2017-01-18 13:26 - 00000000 ____D C:\f72f146ea9a3f77c598da0c08e395601
2017-01-18 13:10 - 2016-12-22 16:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-18 13:10 - 2016-12-22 16:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-17 16:11 - 2017-01-17 16:11 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-01-17 09:42 - 2017-01-18 15:37 - 00000000 ____D C:\Program Files\COMODO
2017-01-17 09:42 - 2017-01-18 02:27 - 00000000 ____D C:\ProgramData\COMODO
2017-01-17 05:49 - 2017-01-17 05:49 - 00000000 ____D C:\Users\foxte\AppData\Local\CrashRpt
2017-01-17 05:34 - 2017-01-17 05:34 - 00000000 ____D C:\Users\foxte\AppData\Roaming\Mozilla
2017-01-17 05:28 - 2017-01-17 06:05 - 00000000 ____D C:\Users\foxte\AppData\Local\app
2017-01-17 05:25 - 2017-01-19 09:59 - 00000000 ___HD C:\Program Files (x86)\Verifications
2017-01-17 05:19 - 2017-01-17 05:19 - 00140288 _____ C:\Users\foxte\AppData\Roaming\Installer.dat
2017-01-17 05:19 - 2017-01-17 05:19 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-17 05:18 - 2017-01-17 05:18 - 00000000 _____ C:\TOSTACK
2017-01-17 04:41 - 2017-01-17 04:41 - 00009216 _____ (Electorate) C:\WINDOWS\vsop.exe
2017-01-12 20:37 - 2017-01-12 20:37 - 03884177 _____ C:\Users\foxte\Desktop\movies 2016.mvc
2017-01-12 19:10 - 2017-01-12 19:10 - 00000000 ____D C:\Users\foxte\Documents\Movie Collector
2017-01-12 18:55 - 2017-01-18 12:59 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForfoxte.job
2017-01-12 17:39 - 2016-12-21 01:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 17:39 - 2016-12-21 00:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-12 17:39 - 2016-12-21 00:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-12 17:39 - 2016-12-20 23:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-12 17:39 - 2016-12-20 23:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-12 17:39 - 2016-12-20 23:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-12 17:39 - 2016-12-20 23:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-12 17:39 - 2016-12-20 23:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-12 17:39 - 2016-12-20 22:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-12 17:39 - 2016-12-20 22:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-12 17:39 - 2016-12-20 22:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-12 17:39 - 2016-12-20 21:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-12 17:39 - 2016-12-20 21:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-12 17:39 - 2016-12-20 21:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-12 17:39 - 2016-12-20 21:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-12 17:39 - 2016-12-20 21:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-12 17:39 - 2016-12-20 21:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-12 17:39 - 2016-12-20 21:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-12 17:39 - 2016-12-20 21:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-12 17:39 - 2016-12-13 22:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-12 17:39 - 2016-12-13 22:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-12 17:39 - 2016-12-13 21:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-12 17:39 - 2016-12-13 21:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-12 17:39 - 2016-12-13 21:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-12 17:39 - 2016-12-13 21:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-12 17:39 - 2016-12-13 21:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-12 17:39 - 2016-12-13 21:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-12 17:39 - 2016-12-13 21:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-12 17:39 - 2016-12-13 21:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-12 17:39 - 2016-12-13 21:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-12 17:38 - 2016-12-21 01:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-12 17:38 - 2016-12-21 00:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-12 17:38 - 2016-12-21 00:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-12 17:38 - 2016-12-21 00:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 17:38 - 2016-12-21 00:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-12 17:38 - 2016-12-21 00:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-12 17:38 - 2016-12-20 23:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-12 17:38 - 2016-12-20 23:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-12 17:38 - 2016-12-20 23:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-12 17:38 - 2016-12-20 23:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 17:38 - 2016-12-20 23:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-12 17:38 - 2016-12-20 23:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-12 17:38 - 2016-12-20 23:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-12 17:38 - 2016-12-20 23:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-12 17:38 - 2016-12-20 21:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-12 17:38 - 2016-12-20 21:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-12 17:38 - 2016-12-20 21:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-12 17:38 - 2016-12-20 21:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 17:38 - 2016-12-20 21:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-12 17:38 - 2016-12-20 21:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-12 17:38 - 2016-12-20 21:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-12 17:38 - 2016-12-20 21:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-12 17:38 - 2016-12-20 21:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 17:38 - 2016-12-13 22:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-12 17:38 - 2016-12-13 22:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-12 17:38 - 2016-12-13 22:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-12 17:38 - 2016-12-13 22:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-12 17:38 - 2016-12-13 21:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-12 17:38 - 2016-12-13 21:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-12 17:38 - 2016-12-13 21:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-12 17:38 - 2016-12-13 21:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-12 17:38 - 2016-12-13 21:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-12 17:38 - 2016-12-13 21:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-12 17:38 - 2016-12-13 21:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-12 17:38 - 2016-12-13 21:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-12 17:38 - 2016-12-13 21:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-12 17:38 - 2016-12-13 21:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-12 17:38 - 2016-12-13 21:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-12 17:38 - 2016-12-13 21:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-12 17:38 - 2016-12-13 21:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-12 17:38 - 2016-12-13 21:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-12 17:37 - 2016-12-21 01:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-12 17:37 - 2016-12-21 00:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-12 17:37 - 2016-12-21 00:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-12 17:37 - 2016-12-21 00:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-12 17:37 - 2016-12-21 00:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-12 17:37 - 2016-12-21 00:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-12 17:37 - 2016-12-21 00:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-12 17:37 - 2016-12-21 00:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-12 17:37 - 2016-12-21 00:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-12 17:37 - 2016-12-21 00:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-12 17:37 - 2016-12-21 00:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-12 17:37 - 2016-12-21 00:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-12 17:37 - 2016-12-20 23:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-12 17:37 - 2016-12-20 23:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-12 17:37 - 2016-12-20 23:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-12 17:37 - 2016-12-20 23:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-12 17:37 - 2016-12-20 23:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-12 17:37 - 2016-12-20 23:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-12 17:37 - 2016-12-20 23:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-12 17:37 - 2016-12-20 21:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-12 17:37 - 2016-12-20 21:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-12 17:37 - 2016-12-20 21:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-12 17:37 - 2016-12-20 21:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-12 17:37 - 2016-12-20 21:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-12 17:37 - 2016-12-20 21:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-12 17:37 - 2016-12-20 21:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-12 17:37 - 2016-12-20 21:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-12 17:37 - 2016-12-13 22:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-12 17:37 - 2016-12-13 22:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-12 17:37 - 2016-12-13 22:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-12 17:37 - 2016-12-13 22:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-12 17:37 - 2016-12-13 22:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-12 17:37 - 2016-12-13 22:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-12 17:37 - 2016-12-13 22:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-12 17:37 - 2016-12-13 22:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-12 17:37 - 2016-12-13 22:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-12 17:37 - 2016-12-13 21:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-12 17:37 - 2016-12-13 21:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-12 17:37 - 2016-12-13 21:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-12 17:37 - 2016-12-13 21:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-12 17:37 - 2016-12-13 21:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-12 17:37 - 2016-12-13 21:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-12 17:37 - 2016-12-13 21:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-12 17:37 - 2016-12-13 21:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-12 17:37 - 2016-12-13 21:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-12 17:37 - 2016-12-13 21:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-12 17:37 - 2016-12-13 21:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-12 17:37 - 2016-12-13 21:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-12 17:37 - 2016-12-13 21:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-12 17:37 - 2016-12-13 21:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-12 17:37 - 2016-12-13 21:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-12 17:37 - 2016-12-13 21:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-12 17:37 - 2016-12-13 21:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-12 17:37 - 2016-12-13 21:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-12 17:36 - 2016-12-21 00:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-12 17:36 - 2016-12-21 00:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-12 17:36 - 2016-12-21 00:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-12 17:36 - 2016-12-21 00:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-12 17:36 - 2016-12-21 00:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-12 17:36 - 2016-12-21 00:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-12 17:36 - 2016-12-13 21:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 17:36 - 2016-12-13 21:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-10 08:43 - 2017-01-10 08:43 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-03 22:25 - 2017-01-03 22:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-31 20:01 - 2016-12-31 20:01 - 00011613 _____ C:\Users\foxte\Documents\quilt.docx
2016-12-30 13:43 - 2016-12-30 13:43 - 00111829 _____ C:\Users\foxte\Documents\dakota Christmas 2016.jpg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 18:05 - 2016-09-28 19:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-28 18:05 - 2015-12-25 20:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-28 17:37 - 2016-09-28 19:49 - 01602240 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-28 17:33 - 2015-12-25 19:53 - 00000000 ___RD C:\Users\foxte\Dropbox
2017-01-28 17:32 - 2015-12-25 19:15 - 00000000 __SHD C:\Users\foxte\IntelGraphicsProfiles
2017-01-28 17:31 - 2016-09-28 19:51 - 00000000 ____D C:\Users\foxte
2017-01-28 17:30 - 2016-09-28 20:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-28 17:29 - 2016-09-22 13:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-28 17:29 - 2015-12-26 08:39 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-28 17:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-28 14:19 - 2016-09-22 23:00 - 00000000 ____D C:\FRST
2017-01-28 14:14 - 2016-09-22 13:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-28 14:13 - 2015-12-26 08:40 - 00000000 ____D C:\ProgramData\IObit
2017-01-28 07:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-27 22:06 - 2016-09-22 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-27 17:29 - 2016-09-22 13:52 - 00000000 ____D C:\AdwCleaner
2017-01-27 17:29 - 2015-12-25 19:54 - 00000000 ____D C:\ProgramData\Laplink
2017-01-27 17:19 - 2016-09-28 10:01 - 00000000 ____D C:\Users\foxte\AppData\Local\CrashDumps
2017-01-27 16:36 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 16:36 - 2015-12-25 19:15 - 00000000 ____D C:\Users\foxte\AppData\Local\Packages
2017-01-27 12:26 - 2015-07-15 23:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-26 10:49 - 2016-12-18 15:36 - 00009406 _____ C:\Users\foxte\AppData\Roaming\Comma Separated Values.EML
2017-01-24 18:08 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-23 20:32 - 2015-11-29 13:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-23 20:18 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-23 18:31 - 2015-12-25 19:22 - 00000000 ___RD C:\Users\foxte\OneDrive
2017-01-22 21:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\tracing
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\TAPI
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Resources
2017-01-20 13:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-20 08:41 - 2016-10-07 07:42 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11 Host.lnk
2017-01-20 08:41 - 2016-10-07 07:42 - 00001033 _____ C:\Users\Public\Desktop\TeamViewer 11 Host.lnk
2017-01-20 08:41 - 2016-09-28 20:01 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-20 08:41 - 2016-06-09 06:55 - 00001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-20 08:41 - 2016-06-09 06:55 - 00001095 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-01-20 08:41 - 2016-03-25 19:42 - 00002035 _____ C:\Users\Public\Desktop\Pulse Ambassador.lnk
2017-01-20 08:41 - 2016-03-12 20:04 - 00002133 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-01-20 08:41 - 2016-03-12 14:58 - 00001184 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2017-01-20 08:41 - 2015-12-26 09:44 - 00001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-20 08:41 - 2015-12-26 09:40 - 00002567 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-20 08:41 - 2015-12-25 19:16 - 00001292 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2017-01-20 08:41 - 2015-11-29 13:30 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2017-01-20 08:41 - 2015-11-29 13:25 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk
2017-01-19 01:04 - 2016-12-09 15:09 - 00001237 _____ C:\Users\foxte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Defrag.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001194 _____ C:\Users\foxte\Desktop\XFINITY Connect.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001166 _____ C:\Users\foxte\Desktop\Constant Guard Protection Suite.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001160 _____ C:\Users\foxte\Desktop\XFINITY TV.lnk
2017-01-19 01:03 - 2016-01-20 20:42 - 00001323 _____ C:\Users\foxte\Desktop\PES Files - Shortcut.lnk
2017-01-19 01:03 - 2015-12-31 15:06 - 00001480 _____ C:\Users\foxte\Desktop\HP Scan and Capture.lnk
2017-01-19 01:03 - 2015-12-25 19:53 - 00001310 _____ C:\Users\foxte\Desktop\Dropbox.lnk
2017-01-18 19:04 - 2015-12-25 20:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-18 13:07 - 2016-09-28 19:40 - 00345608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-16 09:10 - 2015-12-26 18:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-16 09:05 - 2015-12-26 18:55 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 08:43 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-10 08:43 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-10 08:41 - 2015-12-25 20:02 - 00000000 ____D C:\Program Files\Microsoft Office
 
==================== Files in the root of some directories =======
 
2015-12-27 16:55 - 2015-12-27 16:55 - 0038516 _____ () C:\Users\foxte\AppData\Roaming\Comma Separated Values.ADR
2016-12-18 15:36 - 2017-01-26 10:49 - 0009406 _____ () C:\Users\foxte\AppData\Roaming\Comma Separated Values.EML
2017-01-17 05:19 - 2017-01-17 05:19 - 0140288 _____ () C:\Users\foxte\AppData\Roaming\Installer.dat
2016-09-18 10:12 - 2016-09-18 10:12 - 0000045 _____ () C:\Users\foxte\AppData\Roaming\WB.CFG
2016-09-25 13:18 - 2017-01-28 17:32 - 0249740 _____ () C:\Users\foxte\AppData\Local\BTServer.log
 
Files to move or delete:
====================
C:\Users\Public\ASR.dat
 
 
Some files in TEMP:
====================
2017-01-17 09:48 - 2017-01-17 09:48 - 1178112 _____ () C:\Users\foxte\AppData\Local\Temp\89264421.t.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================


Edited by towt, 28 January 2017 - 08:40 PM.


#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:53 AM

Posted 29 January 2017 - 07:17 AM

Hi towt

The errors in the FRST report were caused because you didn't run FRST from an Administrator account.

The first FRST report:

Ran by jande (administrator) on DESKTOP-SLRRCRP (27-01-2017 17:44:32)
Running from C:\Users\foxte\Desktop
Loaded Profiles: foxte & jande (Available Profiles: foxte & jande)

The latest FRST report:

Ran by foxte (ATTENTION: The user is not administrator) on DESKTOP-SLRRCRP (28-01-2017 18:05:55)
Running from C:\Users\foxte\Desktop
Loaded Profiles: foxte (Available Profiles: foxte & jande)


Not quite sure how you have this set up as the Jande profile should really be running from the Jande Desktop.

foxte (S-1-5-21-1579387160-2240839606-3803936683-1001 - Limited - Enabled) => C:\Users\foxte
Guest (S-1-5-21-1579387160-2240839606-3803936683-501 - Limited - Disabled)
jande (S-1-5-21-1579387160-2240839606-3803936683-1002 - Administrator - Enabled) => C:\Users\jande

Anyway, FRST needs to be run (along with all of our tools) from an Administrator account.
Please follow all of the instructions in Post #2 again, but make sure that you use the Admin account.

Thanks

Edited by Starbuck, 29 January 2017 - 07:18 AM.



#5 towt

towt
  • Topic Starter

  • Members
  • 17 posts

Posted 29 January 2017 - 06:12 PM

Reposting running program as admin

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by jande (administrator) on DESKTOP-SLRRCRP (29-01-2017 16:12:13)
Running from C:\Users\foxte\Desktop
Loaded Profiles: foxte & jande (Available Profiles: foxte & jande)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Code 42 Software, Inc.) C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Code 42 Software) C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-02-27] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-28] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [655112 2015-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-09-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [CrashPlanTray] => C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe [461184 2016-10-17] (Code 42 Software, Inc.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [Advanced SystemCare 9] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [CrashPlanService] => C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanService.vbs [543 2016-10-17] ()
HKU\S-1-5-21-1579387160-2240839606-3803936683-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C3].txt
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5aa9cb54-17d7-4e73-9abe-c0007dd531ac}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5aa9cb54-17d7-4e73-9abe-c0007dd531ac}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6669064c-34dc-4543-a0aa-aecdf7c2e7df}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{85aa276d-43c5-4200-a3aa-6aca35d099e2}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{bce8ca6c-b278-4b7f-be15-7f8591da73af}: [DhcpNameServer] 82.163.143.176
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131195452313680642&GUID=60E92502-3512-4FBE-9DCA-88BD9DA6B959
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131195452313701327&GUID=60E92502-3512-4FBE-9DCA-88BD9DA6B959
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1579387160-2240839606-3803936683-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1579387160-2240839606-3803936683-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1579387160-2240839606-3803936683-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default [2017-01-29]
CHR Extension: (Google Slides) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-18]
CHR Extension: (Google Docs) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-18]
CHR Extension: (Google Drive) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Adobe Acrobat) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-18]
CHR Extension: (Google Sheets) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

 



Edited by towt, 29 January 2017 - 06:13 PM.


#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:53 AM

Posted 30 January 2017 - 01:04 PM

Hi towt

Unfortunately, the main FRST report seems to have been cut off.
Can you please post it again for me?

Also, are you still getting the popups?

Thanks



#7 towt

towt
  • Topic Starter

  • Members
  • 17 posts

Posted 31 January 2017 - 03:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by jande (administrator) on DESKTOP-SLRRCRP (31-01-2017 08:28:52)
Running from C:\Users\foxte\Desktop
Loaded Profiles: foxte & jande (Available Profiles: foxte & jande)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Code 42 Software, Inc.) C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Code 42 Software) C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-02-27] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-28] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [655112 2015-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-09-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [CrashPlanTray] => C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe [461184 2016-10-17] (Code 42 Software, Inc.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [Advanced SystemCare 9] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\...\Run: [CrashPlanService] => C:\Users\foxte\AppData\Local\Programs\CrashPlan\CrashPlanService.vbs [543 2016-10-17] ()
HKU\S-1-5-21-1579387160-2240839606-3803936683-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C3].txt
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5aa9cb54-17d7-4e73-9abe-c0007dd531ac}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5aa9cb54-17d7-4e73-9abe-c0007dd531ac}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6669064c-34dc-4543-a0aa-aecdf7c2e7df}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{85aa276d-43c5-4200-a3aa-6aca35d099e2}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{bce8ca6c-b278-4b7f-be15-7f8591da73af}: [DhcpNameServer] 82.163.143.176
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131195452313680642&GUID=60E92502-3512-4FBE-9DCA-88BD9DA6B959
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131195452313701327&GUID=60E92502-3512-4FBE-9DCA-88BD9DA6B959
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1579387160-2240839606-3803936683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1579387160-2240839606-3803936683-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1579387160-2240839606-3803936683-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1579387160-2240839606-3803936683-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default [2017-01-29]
CHR Extension: (Google Slides) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-18]
CHR Extension: (Google Docs) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-18]
CHR Extension: (Google Drive) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Adobe Acrobat) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-18]
CHR Extension: (Google Sheets) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\jande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [121048 2015-08-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-03-18] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-25] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-03] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1392792 2016-02-06] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [604936 2015-08-17] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-03-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2016-02-27] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7496464 2016-09-20] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 busbcrw; C:\WINDOWS\System32\Drivers\bucrw64.sys [25600 2006-10-27] (Brother Industries, Ltd.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-12-26] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2016-02-06] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-26] (REALiX™)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-01-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-01-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-30] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-12-26] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-12-26] (Realtek Semiconductor Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761560 2015-12-26] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)
S3 xtouch; C:\WINDOWS\System32\drivers\xtouch.sys [173080 2016-02-06] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-30 08:15 - 2017-01-30 08:15 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-29 16:04 - 2017-01-30 19:44 - 01388448 _____ C:\Users\Public\ASR.dat
2017-01-29 15:51 - 2017-01-29 15:52 - 00005177 _____ C:\Users\foxte\Desktop\Fixlog.txt
2017-01-29 15:51 - 2017-01-29 15:51 - 02420736 _____ (Farbar) C:\Users\foxte\Desktop\FRST64.exe
2017-01-28 14:19 - 2017-01-28 14:19 - 00000000 ____D C:\Users\jande\AppData\Local\CrashDumps
2017-01-28 14:16 - 2017-01-29 15:51 - 00000000 ____D C:\Users\foxte\Desktop\FRST-OlderVersion
2017-01-28 14:14 - 2017-01-28 14:14 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-27 22:07 - 2017-01-27 22:07 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-27 22:06 - 2017-01-30 19:07 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-27 22:06 - 2017-01-29 16:03 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-27 22:06 - 2017-01-29 16:03 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-27 22:06 - 2017-01-29 16:03 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-27 22:06 - 2017-01-27 22:06 - 00001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-27 22:06 - 2017-01-27 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-27 22:06 - 2017-01-27 22:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 22:06 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-27 22:05 - 2017-01-27 22:06 - 55566792 _____ (Malwarebytes ) C:\Users\foxte\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-27 17:41 - 2017-01-30 15:07 - 00184727 _____ C:\Users\foxte\Desktop\Addition.txt
2017-01-27 17:39 - 2017-01-31 08:29 - 00025547 _____ C:\Users\foxte\Desktop\FRST.txt
2017-01-27 17:37 - 2017-01-27 17:38 - 01762816 _____ (Farbar) C:\Users\foxte\Downloads\FRST.exe
2017-01-27 17:27 - 2017-01-28 14:10 - 00000000 ____D C:\ProgramData\ProductData
2017-01-27 17:27 - 2017-01-27 17:27 - 00000000 ____D C:\Users\jande\AppData\Roaming\ProductData
2017-01-27 16:45 - 2017-01-27 17:26 - 00000670 _____ C:\Users\jande\Desktop\JRT.txt
2017-01-27 16:41 - 2017-01-27 16:42 - 01663040 _____ (Malwarebytes) C:\Users\foxte\Downloads\JRT.exe
2017-01-27 16:40 - 2017-01-27 16:41 - 04015056 _____ C:\Users\foxte\Downloads\adwcleaner_6.043.exe
2017-01-27 12:53 - 2017-01-27 12:53 - 00000000 ____D C:\Users\jande\AppData\Local\PackageStaging
2017-01-27 12:47 - 2017-01-27 12:47 - 00000000 ____D C:\Users\jande\AppData\Roaming\Hewlett-Packard
2017-01-27 10:26 - 2017-01-27 12:51 - 00000000 ____D C:\Users\jande\AppData\Roaming\DropboxOEM
2017-01-27 10:26 - 2017-01-27 10:26 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-27 10:25 - 2017-01-27 10:25 - 00002374 _____ C:\Users\jande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 09:53 - 2017-01-27 09:53 - 00059904 _____ C:\Users\foxte\Desktop\New Microsoft Publisher Document.pub
2017-01-27 09:03 - 2017-01-27 09:03 - 00826248 _____ (HP Inc.) C:\Users\foxte\Downloads\HPBRCULauncher.exe
2017-01-24 17:20 - 2016-12-21 00:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 17:20 - 2016-12-20 21:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 16:37 - 2017-01-24 16:37 - 00000912 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-24 16:36 - 2017-01-24 16:37 - 34726608 _____ (Adlice Software ) C:\Users\foxte\Downloads\setup (2).exe
2017-01-23 20:31 - 2017-01-23 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-23 18:31 - 2017-01-23 18:31 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-23 18:31 - 2017-01-23 18:31 - 00002374 _____ C:\Users\foxte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-20 12:02 - 2017-01-20 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-20 12:01 - 2017-01-20 12:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-01-20 12:01 - 2017-01-20 12:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-01-20 02:58 - 2017-01-18 13:59 - 00008325 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170120-025826.backup
2017-01-19 23:49 - 2017-01-20 08:41 - 00002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 19:13 - 2017-01-18 19:13 - 03017720 _____ (Google) C:\Users\foxte\Downloads\chrome_cleanup_tool.exe
2017-01-18 19:13 - 2017-01-18 19:13 - 03017720 _____ (Google) C:\Users\foxte\Desktop\chrome_cleanup_tool.exe
2017-01-18 19:05 - 2017-01-20 08:41 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-18 19:04 - 2017-01-18 19:18 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-18 19:04 - 2017-01-18 19:18 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-18 19:03 - 2017-01-18 19:03 - 01065376 _____ (Google Inc.) C:\Users\foxte\Downloads\ChromeSetup (3).exe
2017-01-18 17:14 - 2017-01-18 17:14 - 01065376 _____ (Google Inc.) C:\Users\jande\Downloads\ChromeSetup.exe
2017-01-18 17:12 - 2017-01-18 17:12 - 00000000 ____D C:\Users\jande\AppData\Local\MicrosoftEdge
2017-01-18 16:33 - 2017-01-18 16:33 - 00000000 ____D C:\Users\jande\AppData\Local\NetworkTiles
2017-01-18 16:00 - 2017-01-27 10:25 - 00000000 ___RD C:\Users\jande\OneDrive
2017-01-18 16:00 - 2017-01-18 16:00 - 00000000 ____D C:\Users\jande\AppData\Roaming\Skype
2017-01-18 15:58 - 2017-01-18 15:58 - 00000000 ____D C:\Users\jande\AppData\Local\Hewlett-Packard
2017-01-18 15:58 - 2017-01-18 15:58 - 00000000 ____D C:\Users\jande\AppData\Local\DropboxOEM
2017-01-18 15:56 - 2017-01-18 15:56 - 00000000 ____D C:\Users\jande\AppData\Local\Comms
2017-01-18 15:55 - 2017-01-28 14:11 - 00000000 ____D C:\Users\jande\AppData\LocalLow\IObit
2017-01-18 15:55 - 2017-01-18 15:56 - 00000000 ____D C:\Users\jande\AppData\Local\Dropbox
2017-01-18 15:55 - 2017-01-18 15:55 - 00000000 ____D C:\Users\jande\AppData\Roaming\Macromedia
2017-01-18 15:55 - 2017-01-18 15:55 - 00000000 ____D C:\Users\jande\AppData\Local\CyberLink
2017-01-18 15:54 - 2017-01-28 14:11 - 00000000 ____D C:\Users\jande\AppData\Roaming\Apple Computer
2017-01-18 15:52 - 2017-01-27 13:07 - 00000000 ____D C:\Users\jande\AppData\Local\Packages
2017-01-18 15:52 - 2017-01-18 19:18 - 00000000 ____D C:\Users\jande\AppData\Local\Google
2017-01-18 15:52 - 2017-01-18 15:52 - 00000000 ____D C:\Users\jande\AppData\Roaming\Adobe
2017-01-18 15:52 - 2017-01-18 15:52 - 00000000 ____D C:\Users\jande\AppData\Local\VirtualStore
2017-01-18 15:52 - 2017-01-18 15:52 - 00000000 ____D C:\Users\jande\AppData\Local\Publishers
2017-01-18 15:51 - 2017-01-28 17:32 - 00000000 ____D C:\Users\jande
2017-01-18 15:51 - 2017-01-28 14:10 - 00000000 ____D C:\Users\jande\AppData\Roaming\IObit
2017-01-18 15:51 - 2017-01-27 10:23 - 00000000 __SHD C:\Users\jande\IntelGraphicsProfiles
2017-01-18 15:51 - 2017-01-18 16:03 - 00000000 ____D C:\Users\jande\AppData\Local\ConnectedDevicesPlatform
2017-01-18 15:51 - 2017-01-18 15:51 - 00000020 ___SH C:\Users\jande\ntuser.ini
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 _SHDL C:\Users\jande\My Documents
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 _SHDL C:\Users\jande\Documents\My Videos
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 _SHDL C:\Users\jande\Documents\My Pictures
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 _SHDL C:\Users\jande\Documents\My Music
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 ____D C:\Users\jande\Documents\My Bluetooth
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 ____D C:\Users\jande\AppData\Roaming\Synaptics
2017-01-18 15:51 - 2017-01-18 15:51 - 00000000 ____D C:\Users\jande\AppData\Local\TileDataLayer
2017-01-18 15:51 - 2016-09-28 20:01 - 00000000 ____D C:\Users\jande\Documents\SmartScreen
2017-01-18 15:51 - 2016-09-28 20:01 - 00000000 ____D C:\Users\jande\Documents\hp.system.package.metadata
2017-01-18 15:51 - 2016-09-28 20:01 - 00000000 ____D C:\Users\jande\Documents\hp.applications.package.appdata
2017-01-18 15:51 - 2016-09-28 20:01 - 00000000 ____D C:\Users\jande\Act
2017-01-18 15:51 - 2016-09-13 05:15 - 00000040 _____ C:\Users\jande\Downloads\Thankyou.bat
2017-01-18 13:58 - 2017-01-18 13:58 - 112283648 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2017-01-18 13:58 - 2017-01-18 13:58 - 00438272 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2017-01-18 13:58 - 2017-01-18 13:58 - 00036864 _____ C:\WINDOWS\system32\config\SAM.iobit
2017-01-18 13:58 - 2017-01-18 13:58 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2017-01-18 13:47 - 2017-01-18 13:47 - 00795640 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2017-01-18 13:26 - 2017-01-18 13:26 - 00000000 ____D C:\f72f146ea9a3f77c598da0c08e395601
2017-01-18 13:10 - 2016-12-22 16:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-18 13:10 - 2016-12-22 16:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-17 16:11 - 2017-01-17 16:11 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-01-17 09:42 - 2017-01-18 15:37 - 00000000 ____D C:\Program Files\COMODO
2017-01-17 09:42 - 2017-01-18 02:27 - 00000000 ____D C:\ProgramData\COMODO
2017-01-17 05:49 - 2017-01-17 05:49 - 00000000 ____D C:\Users\foxte\AppData\Local\CrashRpt
2017-01-17 05:34 - 2017-01-17 05:34 - 00000000 ____D C:\Users\foxte\AppData\Roaming\Mozilla
2017-01-17 05:28 - 2017-01-17 06:05 - 00000000 ____D C:\Users\foxte\AppData\Local\app
2017-01-17 05:25 - 2017-01-19 09:59 - 00000000 ___HD C:\Program Files (x86)\Verifications
2017-01-17 05:19 - 2017-01-17 05:19 - 00140288 _____ C:\Users\foxte\AppData\Roaming\Installer.dat
2017-01-17 05:19 - 2017-01-17 05:19 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-17 05:18 - 2017-01-17 05:18 - 00000000 _____ C:\TOSTACK
2017-01-17 04:41 - 2017-01-17 04:41 - 00009216 _____ (Electorate) C:\WINDOWS\vsop.exe
2017-01-12 20:37 - 2017-01-12 20:37 - 03884177 _____ C:\Users\foxte\Desktop\movies 2016.mvc
2017-01-12 19:10 - 2017-01-12 19:10 - 00000000 ____D C:\Users\foxte\Documents\Movie Collector
2017-01-12 18:55 - 2017-01-18 12:59 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForfoxte.job
2017-01-12 18:55 - 2017-01-16 18:55 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForfoxte
2017-01-12 17:39 - 2016-12-21 01:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-12 17:39 - 2016-12-21 00:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-12 17:39 - 2016-12-21 00:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 17:39 - 2016-12-21 00:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-12 17:39 - 2016-12-21 00:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-12 17:39 - 2016-12-20 23:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-12 17:39 - 2016-12-20 23:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-12 17:39 - 2016-12-20 23:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-12 17:39 - 2016-12-20 23:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-12 17:39 - 2016-12-20 23:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-12 17:39 - 2016-12-20 22:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-12 17:39 - 2016-12-20 22:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-12 17:39 - 2016-12-20 22:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-12 17:39 - 2016-12-20 21:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-12 17:39 - 2016-12-20 21:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-12 17:39 - 2016-12-20 21:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-12 17:39 - 2016-12-20 21:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-12 17:39 - 2016-12-20 21:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-12 17:39 - 2016-12-20 21:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-12 17:39 - 2016-12-20 21:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-12 17:39 - 2016-12-20 21:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-12 17:39 - 2016-12-13 22:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-12 17:39 - 2016-12-13 22:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-12 17:39 - 2016-12-13 21:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-12 17:39 - 2016-12-13 21:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-12 17:39 - 2016-12-13 21:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-12 17:39 - 2016-12-13 21:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-12 17:39 - 2016-12-13 21:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-12 17:39 - 2016-12-13 21:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-12 17:39 - 2016-12-13 21:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-12 17:39 - 2016-12-13 21:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-12 17:39 - 2016-12-13 21:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-12 17:38 - 2016-12-21 01:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-12 17:38 - 2016-12-21 00:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-12 17:38 - 2016-12-21 00:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-12 17:38 - 2016-12-21 00:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 17:38 - 2016-12-21 00:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-12 17:38 - 2016-12-21 00:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-12 17:38 - 2016-12-20 23:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-12 17:38 - 2016-12-20 23:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-12 17:38 - 2016-12-20 23:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-12 17:38 - 2016-12-20 23:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 17:38 - 2016-12-20 23:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-12 17:38 - 2016-12-20 23:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-12 17:38 - 2016-12-20 23:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-12 17:38 - 2016-12-20 23:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-12 17:38 - 2016-12-20 21:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-12 17:38 - 2016-12-20 21:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-12 17:38 - 2016-12-20 21:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-12 17:38 - 2016-12-20 21:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 17:38 - 2016-12-20 21:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-12 17:38 - 2016-12-20 21:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-12 17:38 - 2016-12-20 21:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-12 17:38 - 2016-12-20 21:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-12 17:38 - 2016-12-20 21:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 17:38 - 2016-12-13 22:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-12 17:38 - 2016-12-13 22:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-12 17:38 - 2016-12-13 22:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-12 17:38 - 2016-12-13 22:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-12 17:38 - 2016-12-13 22:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-12 17:38 - 2016-12-13 21:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-12 17:38 - 2016-12-13 21:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 17:38 - 2016-12-13 21:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-12 17:38 - 2016-12-13 21:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-12 17:38 - 2016-12-13 21:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-12 17:38 - 2016-12-13 21:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-12 17:38 - 2016-12-13 21:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-12 17:38 - 2016-12-13 21:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-12 17:38 - 2016-12-13 21:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-12 17:38 - 2016-12-13 21:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-12 17:38 - 2016-12-13 21:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-12 17:38 - 2016-12-13 21:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-12 17:38 - 2016-12-13 21:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-12 17:38 - 2016-12-13 21:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-12 17:38 - 2016-12-13 21:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-12 17:37 - 2016-12-21 01:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-12 17:37 - 2016-12-21 00:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-12 17:37 - 2016-12-21 00:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-12 17:37 - 2016-12-21 00:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-12 17:37 - 2016-12-21 00:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-12 17:37 - 2016-12-21 00:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-12 17:37 - 2016-12-21 00:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-12 17:37 - 2016-12-21 00:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-12 17:37 - 2016-12-21 00:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-12 17:37 - 2016-12-21 00:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-12 17:37 - 2016-12-21 00:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-12 17:37 - 2016-12-21 00:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-12 17:37 - 2016-12-21 00:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-12 17:37 - 2016-12-20 23:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-12 17:37 - 2016-12-20 23:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-12 17:37 - 2016-12-20 23:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-12 17:37 - 2016-12-20 23:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-12 17:37 - 2016-12-20 23:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-12 17:37 - 2016-12-20 23:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-12 17:37 - 2016-12-20 23:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-12 17:37 - 2016-12-20 22:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-12 17:37 - 2016-12-20 21:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-12 17:37 - 2016-12-20 21:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-12 17:37 - 2016-12-20 21:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-12 17:37 - 2016-12-20 21:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-12 17:37 - 2016-12-20 21:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-12 17:37 - 2016-12-20 21:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-12 17:37 - 2016-12-20 21:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-12 17:37 - 2016-12-20 21:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-12 17:37 - 2016-12-20 21:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-12 17:37 - 2016-12-13 22:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-12 17:37 - 2016-12-13 22:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-12 17:37 - 2016-12-13 22:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-12 17:37 - 2016-12-13 22:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-12 17:37 - 2016-12-13 22:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-12 17:37 - 2016-12-13 22:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-12 17:37 - 2016-12-13 22:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-12 17:37 - 2016-12-13 22:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-12 17:37 - 2016-12-13 22:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-12 17:37 - 2016-12-13 21:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-12 17:37 - 2016-12-13 21:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-12 17:37 - 2016-12-13 21:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-12 17:37 - 2016-12-13 21:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-12 17:37 - 2016-12-13 21:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-12 17:37 - 2016-12-13 21:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-12 17:37 - 2016-12-13 21:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-12 17:37 - 2016-12-13 21:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-12 17:37 - 2016-12-13 21:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-12 17:37 - 2016-12-13 21:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-12 17:37 - 2016-12-13 21:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-12 17:37 - 2016-12-13 21:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-12 17:37 - 2016-12-13 21:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-12 17:37 - 2016-12-13 21:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-12 17:37 - 2016-12-13 21:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-12 17:37 - 2016-12-13 21:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-12 17:37 - 2016-12-13 21:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-12 17:37 - 2016-12-13 21:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-12 17:36 - 2016-12-21 00:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-12 17:36 - 2016-12-21 00:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-12 17:36 - 2016-12-21 00:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-12 17:36 - 2016-12-21 00:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-12 17:36 - 2016-12-21 00:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-12 17:36 - 2016-12-21 00:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-12 17:36 - 2016-12-13 21:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 17:36 - 2016-12-13 21:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 12:14 - 2017-01-12 12:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-10 08:43 - 2017-01-10 08:43 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-10 07:39 - 2017-01-10 07:39 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-03 22:25 - 2017-01-03 22:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-31 08:28 - 2016-09-22 23:00 - 00000000 ____D C:\FRST
2017-01-31 07:51 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-31 07:51 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-31 07:42 - 2016-09-28 19:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-30 08:21 - 2015-12-25 19:53 - 00000000 ___RD C:\Users\foxte\Dropbox
2017-01-30 08:16 - 2015-12-25 19:15 - 00000000 __SHD C:\Users\foxte\IntelGraphicsProfiles
2017-01-29 16:09 - 2016-09-28 19:49 - 01623786 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-29 16:05 - 2016-09-28 10:01 - 00000000 ____D C:\Users\foxte\AppData\Local\CrashDumps
2017-01-29 16:02 - 2016-09-28 20:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-29 16:01 - 2016-07-15 23:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-28 20:49 - 2016-09-28 19:51 - 00000000 ____D C:\Users\foxte
2017-01-28 18:05 - 2015-12-25 20:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-28 17:29 - 2016-09-22 13:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-28 17:29 - 2015-12-26 08:39 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-28 14:14 - 2016-09-22 13:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-28 14:13 - 2015-12-26 08:40 - 00000000 ____D C:\ProgramData\IObit
2017-01-28 07:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-27 22:06 - 2016-09-22 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-27 17:29 - 2016-09-22 13:52 - 00000000 ____D C:\AdwCleaner
2017-01-27 17:29 - 2015-12-25 19:54 - 00000000 ____D C:\ProgramData\Laplink
2017-01-27 16:36 - 2015-12-25 19:15 - 00000000 ____D C:\Users\foxte\AppData\Local\Packages
2017-01-27 12:26 - 2015-07-15 23:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-26 10:49 - 2016-12-18 15:36 - 00009406 _____ C:\Users\foxte\AppData\Roaming\Comma Separated Values.EML
2017-01-24 18:08 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-24 16:37 - 2016-09-28 08:38 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-23 20:32 - 2015-11-29 13:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-23 20:18 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-23 18:31 - 2015-12-25 19:22 - 00000000 ___RD C:\Users\foxte\OneDrive
2017-01-22 21:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\tracing
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\TAPI
2017-01-20 16:28 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Resources
2017-01-20 13:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-20 08:41 - 2016-10-07 07:42 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11 Host.lnk
2017-01-20 08:41 - 2016-10-07 07:42 - 00001033 _____ C:\Users\Public\Desktop\TeamViewer 11 Host.lnk
2017-01-20 08:41 - 2016-09-28 20:01 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-20 08:41 - 2016-06-09 06:55 - 00001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-20 08:41 - 2016-06-09 06:55 - 00001095 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-01-20 08:41 - 2016-03-25 19:42 - 00002035 _____ C:\Users\Public\Desktop\Pulse Ambassador.lnk
2017-01-20 08:41 - 2016-03-12 20:04 - 00002133 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-01-20 08:41 - 2016-03-12 14:58 - 00001184 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2017-01-20 08:41 - 2015-12-26 09:44 - 00001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-20 08:41 - 2015-12-26 09:40 - 00002567 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-20 08:41 - 2015-12-25 20:08 - 00002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-20 08:41 - 2015-12-25 19:16 - 00001292 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2017-01-20 08:41 - 2015-11-29 13:30 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2017-01-20 08:41 - 2015-11-29 13:25 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk
2017-01-19 01:04 - 2016-12-09 15:09 - 00001237 _____ C:\Users\foxte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Defrag.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001194 _____ C:\Users\foxte\Desktop\XFINITY Connect.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001166 _____ C:\Users\foxte\Desktop\Constant Guard Protection Suite.lnk
2017-01-19 01:03 - 2016-11-30 18:27 - 00001160 _____ C:\Users\foxte\Desktop\XFINITY TV.lnk
2017-01-19 01:03 - 2016-01-20 20:42 - 00001323 _____ C:\Users\foxte\Desktop\PES Files - Shortcut.lnk
2017-01-19 01:03 - 2015-12-31 15:06 - 00001480 _____ C:\Users\foxte\Desktop\HP Scan and Capture.lnk
2017-01-19 01:03 - 2015-12-25 19:53 - 00001310 _____ C:\Users\foxte\Desktop\Dropbox.lnk
2017-01-18 19:04 - 2015-12-25 20:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-18 13:07 - 2016-09-28 19:40 - 00345608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-18 13:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-16 09:10 - 2015-12-26 18:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-16 09:05 - 2015-12-26 18:55 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 08:43 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-10 08:43 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-10 08:41 - 2015-12-25 20:02 - 00000000 ____D C:\Program Files\Microsoft Office
 
==================== Files in the root of some directories =======
 
2017-01-18 15:51 - 2017-01-27 16:26 - 0004260 _____ () C:\Users\jande\AppData\Local\BTServer.log
 
Files to move or delete:
====================
C:\Users\Public\ASR.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-29 10:03
 
==================== End of FRST.txt ============================


#8 towt

towt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  

Posted 31 January 2017 - 03:05 PM

No sign of popups yet. I'll keep using it for 24 hours and let you know.



#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:53 AM

Posted 31 January 2017 - 05:11 PM

Hi towt

Thanks for the report.
 

No sign of popups yet.

That's good to hear :)

There's just a few leftovers to remove.
Some uninstallers are not very good.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
Let's run a double check on everything now.

With the 'free' version of RogueKiller, you can't just update it.
So please uninstall it and download a fresh copy as per the following instructions.

Right click on the Start button >> select Programs and Features from the menu.
Right click on RogueKiller and select remove.

Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install
  • Click Finish.
  • When the program opens..... click Scan
  • Click Start Scan
  • Double check anything found and tick to select items to be removed
  • Click Remove Selected
  • When the items have been removed.... Click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.
  • In your next reply, please submit:
    Fixlog.txt
    RogueKiller report


    Thanks.

Attached Files




#10 towt

Posted 31 January 2017 - 06:39 PM

Here are the files you requested

Attached Files


Edited by towt, 31 January 2017 - 06:39 PM.


#11 Starbuck

Posted 31 January 2017 - 06:55 PM

Hi towt

Reports look good.
The 2 items that RK flagged are Potentially Unwanted Modifications.
These are flagged because they are not default settings.

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1579387160-2240839606-3803936683-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1579387160-2240839606-3803936683-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

If you set these yourself, you can leave them.
If you didn't set them, then have RK remove them.
 

I'll keep using it for 24 hours and let you know.

Sounds like a plan. :thumbup2:


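The two RogueKiller findings quoted in the post above can be parsed and de-duplicated before deciding whether they were set deliberately. This is an added example, not part of the thread and not RogueKiller's own code: the line layout is inferred only from those two lines, the function names are hypothetical, and collapsing the X64/X86 pair assumes that per-user Software keys outside Classes are shared between the 32- and 64-bit registry views.

```python
import re

# The two findings quoted in the post above, copied verbatim from the thread.
REPORT = r"""
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1579387160-2240839606-3803936683-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1579387160-2240839606-3803936683-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
"""

# Assumed layout, inferred only from those two lines:
#   [Detection] (View) RegistryKey | ValueName : Data -> Status
FINDING = re.compile(
    r"^\[(?P<detection>[^\]]+)\]\s+"
    r"\((?P<view>X64|X86)\)\s+"
    r"(?P<key>HK[^|]+?)\s+\|\s+"
    r"(?P<name>.+?)\s+:\s+"
    r"(?P<data>.*?)\s+->\s+"
    r"(?P<status>.+)$"
)

# SID of an ordinary user account (S-1-5-21-<three sub-authorities>-<RID>).
ACCOUNT_SID = re.compile(r"^S-1-5-21(?:-\d+){4}$")


def parse_findings(text):
    """Return (findings, rejected): parsed dicts and the lines that did not parse."""
    findings, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = FINDING.match(line)
        if match:
            findings.append(match.groupdict())
        else:
            rejected.append(line)
    return findings, rejected


def user_sid(key):
    """SID of the user hive a key lives in, or None outside HKEY_USERS."""
    parts = key.split("\\")
    if parts[0].upper() in ("HKEY_USERS", "HKU") and len(parts) > 1:
        return parts[1] if ACCOUNT_SID.match(parts[1]) else None
    return None


def is_shared_user_key(key):
    """True for per-user Software keys that both registry views share."""
    parts = key.split("\\")
    if parts[0].upper() in ("HKEY_CURRENT_USER", "HKCU"):
        rest = parts[1:]
    elif user_sid(key):
        rest = parts[2:]
    else:
        return False  # machine hive or unknown root: views may differ
    rest = [p.lower() for p in rest]
    return rest[:1] == ["software"] and rest[1:2] != ["classes"]


def summarize(findings):
    """Collapse findings that point at one registry value seen through two views."""
    merged = {}
    for f in findings:
        ident = [f["detection"], f["key"].lower(), f["name"].lower(), f["data"]]
        if not is_shared_user_key(f["key"]):
            ident.append(f["view"])  # keep the views apart when unsure
        entry = merged.setdefault(tuple(ident), {
            "detection": f["detection"], "key": f["key"], "name": f["name"],
            "data": f["data"], "sid": user_sid(f["key"]), "views": [],
            # "PUM." marks a settings change, not a file: the owner decides.
            "setting_change": f["detection"].startswith("PUM."),
        })
        if f["view"] not in entry["views"]:
            entry["views"].append(f["view"])
    return list(merged.values())


if __name__ == "__main__":
    parsed, bad = parse_findings(REPORT)
    for item in summarize(parsed):
        print(item["detection"], item["sid"], item["name"], "=", item["data"],
              "views:", ",".join(item["views"]))
    print("unparsed lines:", len(bad))
```

Run over the quoted lines, the two findings reduce to a single value, "Search Bar" set to "Preserve", in one user's hive.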


#12 Starbuck

Posted 07 February 2017 - 01:14 PM

Hi towt

Everything still running ok?



#13 towt

Posted 07 February 2017 - 02:18 PM

I apologize. I was away for the weekend. Yep. Everything seems to be good. Thanks for the awesome help!

#14 Starbuck

Posted 07 February 2017 - 03:23 PM

Hi towt

I apologize. I was away for the weekend.

It's not a problem.
Glad to hear everything is still running ok.

Let's finish the cleaning process and remove the tools we have used.

Step 1
Restart MalwareBytes.
Click on the Quarantine tab
Tick to select all items (if any there) and then click the Delete button.
Close MalwareBytes.

Step 2
FRST can now be removed:

Right click on the FRST icon and select delete.
Right click on any fixlog.txt or fixlist.txt files and select delete.
Navigate to: C:\frst and delete the frst folder

Step 3
RogueKiller AntiMalware can be uninstalled from the uninstall list: (if you want to remove it)


To remove AdwCleaner

Restart AdwCleaner ... click on the Uninstall button from the main screen.
This will remove all the files created and the program.

To remove JRT

Right click on the JRT icon and select delete.
Right click on any jrt.txt and select delete.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program at a time

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Install an AdBlocker
Firefox: uBlock Origin
Google Chrome: uBlock Origin
Edge: uBlock Origin Preview

uBlock Origin is more than an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker".
The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.

Internet Explorer:
Adblock Plus for Internet Explorer

P2P programs/Torrents
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Beware of PuP's when installing 'free' software
(Potentially Unwanted Program) An application that is installed along with the desired application the user actually asked for.
In most cases, the PUP is spyware, adware or some other unwanted software.
However, what makes spyware or adware a PUP rather than pure malware is the fact that the end user license agreement (EULA) does inform the user that this additional program is being installed.
Considering hardly anyone ever reads the license agreement, the distinction is a subtle one.

Understanding PuP's (Adware)


Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.

Edited by Starbuck, 07 February 2017 - 03:24 PM.



#15 Starbuck

Posted 14 February 2017 - 06:41 PM

As this topic has been resolved this thread will now be closed.

If you need this topic reopened, please contact one of the moderating team by PM and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.

Everyone else please begin a New Topic.
