
Strange firefox update and javascript:viod(0)


  • This topic is locked
7 replies to this topic

#1 zooter


Posted 03 May 2017 - 11:37 AM

I was advised in another thread, https://www.bleepingcomputer.com/forums/t/645530/urgent-firefox-update-please-help/, to post here.

Here is an image of the original popup: https://content.screencast.com/users/solweb/folders/Jing/media/19dcdb1a-b2d5-4afb-954e-a31aa5b44e07/2017-04-29_1325.png

I've run Malwarebytes and TDSSKiller, but those didn't find anything.

I've run several other scanners and cleaners as advised in the other thread https://www.bleepingcomputer.com/forums/t/645530/urgent-firefox-update-please-help/, including Zemana, JRT, ESET.

I'm not seeing that popup anymore; however, I've noticed that when I try to post on a site, for example Reddit, I am unable to post, and I see a javascript:viod(0) appear in the bottom left of the browser.

Here are the logs from the Farbar scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017
Ran by MandM (administrator) on Z (03-05-2017 09:30:50)
Running from C:\Users\MandM\Desktop
Loaded Profiles: MandM (Available Profiles: MandM)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\...\Run: [Google Update] => C:\Users\MandM\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{A7F31A5E-862D-446B-B509-CF3C3419A085}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B34A8477-B773-41A9-AC9B-A1405880213C}: [DhcpNameServer] 172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{CF3525E9-D748-4024-8C0E-2864A95CBDC0}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.xxxweb.com/
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000 -> {AE69D59D-3A90-4C76-88D4-396222BF8F96} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-02] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-02] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

FireFox:
========
FF DefaultProfile: ms6ovmhi.default-1401239169017
FF ProfilePath: C:\Users\MandM\AppData\Roaming\Mozilla\Firefox\Profiles\ms6ovmhi.default-1401239169017 [2017-05-03]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ms6ovmhi.default-1401239169017 -> Google
FF Homepage: Mozilla\Firefox\Profiles\ms6ovmhi.default-1401239169017 -> hxxps://login.hostmonster.com/hosting/webmail
FF Extension: (JavaScript on-off applet) - C:\Users\MandM\AppData\Roaming\Mozilla\Firefox\Profiles\ms6ovmhi.default-1401239169017\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-05-02]
FF Extension: (Web Developer) - C:\Users\MandM\AppData\Roaming\Mozilla\Firefox\Profiles\ms6ovmhi.default-1401239169017\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-05]
FF Extension: (Adblock Plus) - C:\Users\MandM\AppData\Roaming\Mozilla\Firefox\Profiles\ms6ovmhi.default-1401239169017\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Shield Recipe Client) - C:\Users\MandM\AppData\Roaming\Mozilla\Firefox\Profiles\ms6ovmhi.default-1401239169017\features\{64b76e19-2a11-46fb-9769-8267961cc0bf}\shield-recipe-client@mozilla.org.xpi [2017-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-06-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-01-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-05-02] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-02] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3993427723-2147256850-2466095620-1000: @citrixonline.com/appdetectorplugin -> C:\Users\MandM\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-02] (Citrix Online)
FF Plugin HKU\S-1-5-21-3993427723-2147256850-2466095620-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3993427723-2147256850-2466095620-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2013-01-17] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default [2017-05-02]
CHR Extension: (Web Developer) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-02-16]
CHR Extension: (YouTube) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Cast) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-05-15]
CHR Extension: (Google Search) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Adobe Acrobat) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (VLC Media Player) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilohacgghholcemppcogkijfgkfgehp [2014-11-27]
CHR Extension: (Page Analytics (by Google)) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-30]
CHR Extension: (Google Analytics Debugger) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2017-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR Extension: (Chrome Media Router) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [271448 2017-05-02] (Adobe Systems Incorporated) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-18] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-18] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-18] (Intel Corporation) [File not signed]
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [173512 2017-05-02] (Mozilla Foundation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [21504 2011-09-26] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe [9690112 2012-01-25] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 IntcDAud; C:\windows\System32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel® Corporation) [File not signed]
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-05-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-05-02] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-03 09:30 - 2017-05-03 09:32 - 00023143 _____ C:\Users\MandM\Desktop\FRST.txt
2017-05-03 09:30 - 2017-05-03 09:30 - 00000000 ____D C:\FRST
2017-05-03 09:25 - 2017-05-03 09:25 - 02428928 _____ (Farbar) C:\Users\MandM\Desktop\FRST64.exe
2017-05-02 15:20 - 2017-05-03 09:31 - 00041909 _____ C:\windows\ZAM.krnl.trace
2017-05-02 15:20 - 2017-05-03 09:31 - 00025635 _____ C:\windows\ZAM_Guard.krnl.trace
2017-05-02 15:20 - 2017-05-02 15:20 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2017-05-02 15:20 - 2017-05-02 15:20 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2017-05-02 15:20 - 2017-05-02 15:20 - 00001114 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-05-02 15:20 - 2017-05-02 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-05-02 15:20 - 2017-05-02 15:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-02 15:19 - 2017-05-02 15:19 - 00000000 ____D C:\Users\MandM\AppData\Local\Zemana
2017-05-02 15:17 - 2017-05-02 15:17 - 00002100 _____ C:\Users\MandM\Desktop\JRT.txt
2017-05-02 15:05 - 2017-05-02 15:05 - 01663672 _____ (Malwarebytes) C:\Users\MandM\Desktop\JRT.exe
2017-05-02 14:58 - 2017-05-02 14:58 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-02 14:58 - 2017-05-02 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-02 14:58 - 2017-05-02 14:58 - 00000000 ____D C:\Program Files\CCleaner
2017-05-02 13:37 - 2017-05-02 13:37 - 00000000 ____D C:\Users\MandM\AppData\Roaming\Macromedia
2017-05-02 13:37 - 2017-05-02 13:37 - 00000000 ____D C:\Users\MandM\AppData\Local\Macromedia
2017-05-02 13:34 - 2017-05-02 13:34 - 00000000 ____D C:\windows\system32\Macromed
2017-05-02 13:33 - 2017-05-02 13:33 - 20316248 _____ (Adobe Systems Incorporated) C:\Users\MandM\Downloads\install_flash_player.exe
2017-05-02 10:01 - 2017-05-02 10:01 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-02 10:01 - 2017-05-02 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-01 13:36 - 2017-05-01 13:36 - 00004822 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-05-01 at 13-36-53.csv
2017-05-01 13:33 - 2017-05-01 13:33 - 00004690 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-05-01 at 13-33-43.csv
2017-05-01 13:30 - 2017-05-01 13:30 - 00001478 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-05-01 at 13-30-34.csv
2017-04-30 11:30 - 2017-04-30 11:30 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-04-29 21:02 - 2017-04-29 21:02 - 00000000 ____D C:\SecurityCheck
2017-04-29 14:17 - 2017-04-29 14:17 - 04102600 _____ C:\Users\MandM\Desktop\adwcleaner_6.046.exe
2017-04-28 18:32 - 2017-04-28 18:33 - 00222322 _____ C:\TDSSKiller.3.1.0.12_28.04.2017_18.32.07_log.txt
2017-04-28 09:14 - 2017-04-28 11:25 - 00021172 _____ C:\Users\MandM\Desktop\Infinity_Health_Meta_Data.xlsx
2017-04-27 19:23 - 2017-04-27 19:46 - 00222780 _____ C:\TDSSKiller.3.1.0.12_27.04.2017_19.23.28_log.txt
2017-04-25 13:55 - 2017-04-25 13:55 - 00000490 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-04-25 at 13-55-27.csv
2017-04-25 13:49 - 2017-04-25 13:49 - 00000754 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-04-25 at 13-48-59.csv
2017-04-20 11:21 - 2017-04-20 11:21 - 00017664 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-04-20 at 11-21-00.csv
2017-04-20 11:02 - 2017-04-20 11:02 - 00001386 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-04-20 at 11-02-15.csv
2017-04-18 15:58 - 2017-04-18 15:58 - 00114072 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-04-18 at 15-58-12.csv
2017-04-18 15:54 - 2017-04-18 15:54 - 00042820 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-04-18 at 15-54-36.csv
2017-04-18 11:43 - 2017-04-18 11:43 - 00039456 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-04-18 at 11-43-22.csv
2017-04-18 11:40 - 2017-04-18 11:41 - 00039918 _____ C:\Users\MandM\Downloads\Keyword Planner 2017-04-18 at 11-40-52.csv
2017-04-14 12:38 - 2017-04-14 12:38 - 00061011 _____ C:\Users\MandM\Downloads\www-allegacy-org_20170414T193817Z_CrawlErrors.csv
2017-04-14 12:37 - 2017-04-14 12:37 - 00061011 _____ C:\Users\MandM\Downloads\www-allegacy-org_20170414T193738Z_CrawlErrors.csv
2017-04-14 12:37 - 2017-04-14 12:37 - 00061011 _____ C:\Users\MandM\Downloads\www-allegacy-org_20170414T193721Z_CrawlErrors.csv
2017-04-14 12:37 - 2017-04-14 12:37 - 00010125 _____ C:\Users\MandM\Desktop\duplicate-title-tags.xlsx
2017-04-14 12:36 - 2017-04-14 12:36 - 00004003 _____ C:\Users\MandM\Downloads\www-allegacy-org_20170414T193608Z_HTMLImprovements_Duplicate_title_tags.csv
2017-04-12 09:47 - 2017-03-25 12:39 - 20284416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-04-12 09:47 - 2017-03-25 12:07 - 04604416 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-04-12 09:47 - 2017-03-25 12:06 - 13654016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-04-12 09:47 - 2017-03-25 11:55 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-04-12 09:47 - 2017-03-25 11:52 - 02289152 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-04-12 09:47 - 2017-03-25 11:10 - 02898432 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-04-12 09:47 - 2017-03-25 10:52 - 25746944 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-04-12 09:47 - 2017-03-25 09:28 - 15259136 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-04-12 09:47 - 2017-03-25 09:24 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-04-12 09:47 - 2017-03-25 09:10 - 01546240 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-04-12 09:47 - 2017-03-22 08:17 - 02651136 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-04-12 09:47 - 2017-03-10 09:00 - 03219968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-04-12 09:47 - 2017-03-07 21:33 - 02064384 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2017-04-12 09:46 - 2017-03-27 11:13 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-04-12 09:46 - 2017-03-27 10:28 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-04-12 09:46 - 2017-03-25 11:51 - 01313280 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-04-12 09:46 - 2017-03-25 11:48 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-04-12 09:46 - 2017-03-25 11:47 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-04-12 09:46 - 2017-03-25 11:46 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-04-12 09:46 - 2017-03-25 11:46 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-04-12 09:46 - 2017-03-25 11:46 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-04-12 09:46 - 2017-03-25 11:14 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-04-12 09:46 - 2017-03-25 11:13 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-04-12 09:46 - 2017-03-25 10:57 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-04-12 09:46 - 2017-03-25 10:56 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-04-12 09:46 - 2017-03-25 10:41 - 06045696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-04-12 09:46 - 2017-03-25 10:04 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-04-12 09:46 - 2017-03-25 10:00 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-04-12 09:46 - 2017-03-25 09:59 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-04-12 09:46 - 2017-03-25 09:57 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-04-12 09:46 - 2017-03-25 09:57 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-04-12 09:46 - 2017-03-25 09:27 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-04-12 09:46 - 2017-03-25 09:01 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-04-12 09:46 - 2017-03-24 15:50 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-04-12 09:46 - 2017-03-24 15:42 - 00313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-04-12 09:46 - 2017-03-22 08:32 - 03165184 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2017-04-12 09:46 - 2017-03-22 08:32 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2017-04-12 09:46 - 2017-03-22 08:32 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2017-04-12 09:46 - 2017-03-22 08:24 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2017-04-12 09:46 - 2017-03-22 08:15 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2017-04-12 09:46 - 2017-03-22 08:15 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2017-04-12 09:46 - 2017-03-22 08:15 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2017-04-12 09:46 - 2017-03-22 08:15 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2017-04-12 09:46 - 2017-03-22 08:05 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2017-04-12 09:46 - 2017-03-22 08:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2017-04-12 09:46 - 2017-03-22 08:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2017-04-12 09:46 - 2017-03-14 08:34 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-04-12 09:46 - 2017-03-14 08:34 - 00265448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2017-04-12 09:46 - 2017-03-10 09:35 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2017-04-12 09:46 - 2017-03-10 09:27 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2017-04-12 09:46 - 2017-03-08 13:20 - 01133568 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2017-04-12 09:46 - 2017-03-08 13:10 - 00805376 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdosys.dll
2017-04-12 09:46 - 2017-03-07 21:37 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-04-12 09:46 - 2017-03-07 21:36 - 05548264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-04-12 09:46 - 2017-03-07 21:36 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-04-12 09:46 - 2017-03-07 21:36 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-04-12 09:46 - 2017-03-07 21:36 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-04-12 09:46 - 2017-03-07 21:34 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-04-12 09:46 - 2017-03-07 21:33 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-04-12 09:46 - 2017-03-07 21:33 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-04-12 09:46 - 2017-03-07 21:33 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-04-12 09:46 - 2017-03-07 21:33 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-04-12 09:46 - 2017-03-07 21:26 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-04-12 09:46 - 2017-03-07 21:26 - 03945192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-04-12 09:46 - 2017-03-07 21:24 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-04-12 09:46 - 2017-03-07 21:22 - 01416192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2017-04-12 09:46 - 2017-03-07 21:22 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-04-12 09:46 - 2017-03-07 21:21 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-04-12 09:46 - 2017-03-07 20:56 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-04-12 09:46 - 2017-03-07 09:30 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2017-04-12 09:46 - 2017-03-07 09:17 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2017-04-12 09:46 - 2017-03-07 07:05 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2017-04-12 09:46 - 2017-03-03 18:27 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2017-04-12 09:46 - 2017-03-03 18:27 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\mfmjpegdec.dll
2017-04-12 09:46 - 2017-03-03 18:14 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2017-04-12 09:46 - 2017-03-03 18:14 - 00077312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmjpegdec.dll
2017-04-12 09:46 - 2017-02-14 09:33 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-04-12 09:46 - 2017-02-14 09:19 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2017-04-12 09:46 - 2017-02-09 09:32 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2017-04-12 09:46 - 2017-02-09 09:32 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2017-04-12 09:46 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:36 - 00011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 09:46 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 09:45 - 2017-03-25 11:47 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-04-12 09:45 - 2017-03-25 11:47 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-04-12 09:45 - 2017-03-25 11:46 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-04-12 09:45 - 2017-03-25 11:46 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-04-12 09:45 - 2017-03-25 11:46 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-04-12 09:45 - 2017-03-25 11:46 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 09:45 - 2017-03-25 11:46 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-04-12 09:45 - 2017-03-25 11:45 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-04-12 09:45 - 2017-03-25 11:45 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-04-12 09:45 - 2017-03-25 11:45 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-04-12 09:45 - 2017-03-25 11:45 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-04-12 09:45 - 2017-03-25 11:45 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-04-12 09:45 - 2017-03-25 11:45 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-04-12 09:45 - 2017-03-25 11:45 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-04-12 09:45 - 2017-03-25 11:44 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-04-12 09:45 - 2017-03-25 11:44 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-04-12 09:45 - 2017-03-25 11:35 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-04-12 09:45 - 2017-03-25 11:35 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-04-12 09:45 - 2017-03-25 11:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-04-12 09:45 - 2017-03-25 11:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-04-12 09:45 - 2017-03-25 11:13 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-04-12 09:45 - 2017-03-25 11:04 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-04-12 09:45 - 2017-03-25 11:02 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-04-12 09:45 - 2017-03-25 10:56 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-04-12 09:45 - 2017-03-25 10:56 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-04-12 09:45 - 2017-03-25 10:56 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-04-12 09:45 - 2017-03-25 10:45 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-04-12 09:45 - 2017-03-25 10:41 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-04-12 09:45 - 2017-03-25 10:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 09:45 - 2017-03-25 10:29 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-04-12 09:45 - 2017-03-25 10:24 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-04-12 09:45 - 2017-03-25 10:23 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-04-12 09:45 - 2017-03-25 10:20 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-04-12 09:45 - 2017-03-25 10:19 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-04-12 09:45 - 2017-03-25 10:17 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-04-12 09:45 - 2017-03-25 10:06 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-04-12 09:45 - 2017-03-22 08:30 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2017-04-12 09:45 - 2017-03-22 08:15 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2017-04-12 09:45 - 2017-03-22 08:15 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2017-04-12 09:45 - 2017-03-22 08:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2017-04-12 09:45 - 2017-03-14 08:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2017-04-12 09:45 - 2017-03-10 09:31 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2017-04-12 09:45 - 2017-03-10 09:31 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2017-04-12 09:45 - 2017-03-10 09:31 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2017-04-12 09:45 - 2017-03-10 09:31 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2017-04-12 09:45 - 2017-03-10 09:20 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2017-04-12 09:45 - 2017-03-10 09:19 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2017-04-12 09:45 - 2017-03-10 09:19 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2017-04-12 09:45 - 2017-03-10 08:53 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-04-12 09:45 - 2017-03-07 21:22 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 21:03 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-04-12 09:45 - 2017-03-07 21:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-04-12 09:45 - 2017-03-07 21:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-04-12 09:45 - 2017-03-07 21:03 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-04-12 09:45 - 2017-03-07 21:00 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-04-12 09:45 - 2017-03-07 20:59 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-04-12 09:45 - 2017-03-07 20:57 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-04-12 09:45 - 2017-03-07 20:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-04-12 09:45 - 2017-03-07 20:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-04-12 09:45 - 2017-03-07 20:55 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-04-12 09:45 - 2017-03-07 20:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-04-12 09:45 - 2017-03-07 20:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-04-12 09:45 - 2017-03-07 20:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-04-12 09:45 - 2017-03-07 20:54 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-04-12 09:45 - 2017-03-07 20:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-04-12 09:45 - 2017-03-07 20:53 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-04-12 09:45 - 2017-03-07 20:53 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 20:53 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 20:53 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 09:45 - 2017-03-07 20:53 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 09:45 - 2017-02-11 09:33 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2017-04-12 09:45 - 2017-02-11 09:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2017-04-12 09:45 - 2016-03-23 15:40 - 03181568 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2017-04-12 09:45 - 2016-03-23 15:40 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2017-04-06 11:16 - 2017-04-06 11:16 - 00059542 _____ C:\Users\MandM\Desktop\SW SEO Report Content Analysis Feb 2017.pdf
2017-04-06 11:16 - 2017-04-06 11:16 - 00059258 _____ C:\Users\MandM\Desktop\SW SEO Report Visitor Acquisition Analysis Feb 2017.pdf
2017-04-06 11:15 - 2017-04-06 11:15 - 00065472 _____ C:\Users\MandM\Desktop\SW SEO Dashboard Feb 2017.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-01-16 06:10 - 2013-06-28 11:45 - 00000522 _____ C:\Users\MandM\Downloads\generator_config.txt
2099-01-16 06:10 - 2013-06-28 11:45 - 00000506 _____ C:\Users\MandM\Downloads\stylesheet.css
2099-01-16 06:10 - 2013-06-28 11:45 - 00000000 ____D C:\Users\MandM\Downloads\specimen_files
2017-05-03 09:32 - 2012-05-01 18:38 - 00000000 ____D C:\Users\MandM\AppData\Local\Adobe
2017-05-03 09:30 - 2009-07-13 22:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2017-05-03 09:30 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2017-05-03 09:29 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-03 09:29 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-03 09:20 - 2014-03-29 11:45 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4b7fa345566.job
2017-05-03 09:20 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-05-02 22:49 - 2016-06-26 11:04 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-05-02 22:49 - 2014-06-02 10:25 - 00000562 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3993427723-2147256850-2466095620-1000.job
2017-05-02 22:49 - 2009-07-13 22:08 - 00032624 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-05-02 15:53 - 2014-05-10 11:58 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000Core1cf6c81d5342bc3.job
2017-05-02 15:20 - 2012-05-01 18:33 - 00000000 ____D C:\Users\MandM
2017-05-02 15:17 - 2016-11-17 12:41 - 00000000 ____D C:\Users\MandM\AppData\LocalLow\Mozilla
2017-05-02 15:10 - 2012-03-20 03:02 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-05-02 15:10 - 2012-03-20 03:02 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-05-02 15:10 - 2012-03-20 02:53 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-05-02 15:05 - 2014-11-27 13:17 - 00000000 ____D C:\AdwCleaner
2017-05-02 14:54 - 2012-05-22 22:09 - 00002356 _____ C:\Users\MandM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-02 14:42 - 2016-09-15 08:23 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-05-02 14:40 - 2012-06-28 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-02 13:34 - 2012-05-01 20:26 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-05-02 13:34 - 2012-03-20 02:12 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-02 13:34 - 2012-03-20 02:12 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-05-02 10:01 - 2012-03-20 02:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-02 10:00 - 2015-06-30 15:44 - 00000000 ____D C:\Users\MandM\Desktop\CLUB-SV
2017-05-02 09:49 - 2016-10-06 13:58 - 00000000 ___RD C:\Users\MandM\OneDrive
2017-05-02 09:40 - 2013-10-16 08:59 - 00000000 ____D C:\ProgramData\Oracle
2017-05-02 09:02 - 2013-11-06 09:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-01 17:51 - 2012-07-22 10:37 - 00000000 ____D C:\ProgramData\Yahoo!
2017-05-01 17:51 - 2012-07-22 10:36 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-04-30 11:59 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-30 11:56 - 2012-03-20 02:48 - 00000000 ____D C:\ProgramData\WildTangent
2017-04-30 11:54 - 2012-05-22 22:16 - 00000000 ____D C:\Users\MandM\AppData\Roaming\Apple Computer
2017-04-30 11:54 - 2012-05-22 22:16 - 00000000 ____D C:\Users\MandM\AppData\Local\Apple Computer
2017-04-30 11:50 - 2016-08-14 13:46 - 00000000 ____D C:\Users\MandM\AppData\Local\Box
2017-04-30 11:36 - 2012-03-20 02:18 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-29 14:37 - 2014-11-14 09:40 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cff3913f899028
2017-04-29 14:37 - 2012-08-23 11:05 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 14:15 - 2012-06-18 15:27 - 00000000 ____D C:\mike
2017-04-29 14:12 - 2016-01-05 18:44 - 00000000 ____D C:\Users\MandM\AppData\Local\CrashDumps
2017-04-28 09:08 - 2014-11-14 09:53 - 00003236 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000Core1cfee77304897b9
2017-04-28 09:08 - 2012-05-22 22:09 - 00003508 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000UA
2017-04-27 18:21 - 2014-08-09 09:27 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-25 12:42 - 2014-06-30 15:20 - 00000000 ____D C:\Users\MandM\AppData\Local\ElevatedDiagnostics
2017-04-25 12:42 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2017-04-24 09:49 - 2015-09-28 09:00 - 00000000 ____D C:\Users\MandM\Desktop\K2
2017-04-20 16:30 - 2015-01-13 18:40 - 00000000 ____D C:\InfinityCapital
2017-04-20 09:33 - 2017-02-07 15:36 - 00000000 ____D C:\Users\MandM\Desktop\MAUI2017
2017-04-16 13:26 - 2016-12-31 10:56 - 00003166 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-12 15:40 - 2009-07-13 21:45 - 04983312 _____ C:\windows\system32\FNTCACHE.DAT
2017-04-12 14:55 - 2012-11-09 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-12 14:54 - 2012-11-09 16:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 14:54 - 2012-11-09 16:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-12 14:48 - 2013-07-20 10:35 - 00000000 ____D C:\windows\system32\MRT
2017-04-12 14:48 - 2012-05-20 16:49 - 148601744 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-04-12 14:44 - 2012-02-26 03:54 - 00775084 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2017-04-12 10:44 - 2015-01-06 16:28 - 00000000 ____D C:\Users\MandM\Desktop\BORABORA -July2016
2017-04-07 15:06 - 2010-11-20 20:27 - 00532136 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2017-04-07 13:08 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2017-04-05 15:01 - 2012-05-01 18:33 - 00104264 _____ C:\Users\MandM\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 11:30 - 2016-10-06 13:28 - 00000000 ____D C:\Value_Shift
2017-04-05 11:27 - 2012-07-20 10:24 - 00000000 ____D C:\spaatlakeside
2017-04-05 11:24 - 2013-01-16 15:09 - 00000000 ____D C:\jbwhite
2017-04-05 11:20 - 2016-09-30 08:24 - 00000000 ____D C:\myfreeimplants
2017-04-05 11:19 - 2017-02-16 09:30 - 00000000 ____D C:\DragonRidge

==================== Files in the root of some directories =======

2013-05-08 17:22 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2012-07-12 01:28 - 2012-07-12 01:28 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2012-05-15 14:08 - 2015-06-01 13:40 - 0000132 _____ () C:\Users\MandM\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-07-13 14:35 - 2015-12-30 13:20 - 0000132 _____ () C:\Users\MandM\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2012-05-15 14:54 - 2017-03-04 15:47 - 0000132 _____ () C:\Users\MandM\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-02 00:34 - 2016-01-08 12:19 - 0001456 _____ () C:\Users\MandM\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-09-04 20:11 - 2012-09-04 20:24 - 0000600 _____ () C:\Users\MandM\AppData\Local\PUTTY.RND
2012-06-21 08:29 - 2012-06-21 17:06 - 0000000 _____ () C:\ProgramData\-W6Hiqwv1kgqDS1

Files to move or delete:
====================
C:\Windows\Tasks\{43B383D7-A224-47EE-90BF-79F20F62D7F3}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-07 13:01

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017
Ran by MandM (03-05-2017 09:33:06)
Running from C:\Users\MandM\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-02 01:33:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3993427723-2147256850-2466095620-500 - Administrator - Disabled)
Guest (S-1-5-21-3993427723-2147256850-2466095620-501 - Limited - Disabled)
MandM (S-1-5-21-3993427723-2147256850-2466095620-1000 - Administrator - Enabled) => C:\Users\MandM

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{57CC96D5-EC41-6CFA-9BBE-2F004C839318}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
ChromecastApp (HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell System Detect (HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\...\9204f5692a8faf3b) (Version: 5.11.0.2 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Freemake Video Converter version 3.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.1.2 - Ellora Assets Corporation)
Google Chrome (HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 6.4.10.2185 (HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\...\GoToMeeting) (Version: 6.4.10.2185 - CitrixOnline)
HASP Device Drivers (HKLM-x32\...\HASP Device Drivers) (Version:  - )
HP Officejet 4630 series Basic Device Software (HKLM\...\{1EEDD93E-B341-4353-92D6-9A009443C91A}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Network Recording Player (HKLM-x32\...\{199DB693-9278-40EC-8BC8-5DE939DA03C5}) (Version: 2.29.3216 - Cisco WebEx LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WampServer 2.2 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\MandM\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F1A46C-1AF8-4CC0-A640-1E9C6B32AF15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {1032C548-7E78-4094-9B44-0CF46ED17285} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => %windir%\system32\GWX\GWXConfigManager.exe
Task: {173AFB92-508C-41A2-BF36-6110E2FF50C1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => %windir%\system32\GWX\GWXConfigManager.exe
Task: {23D2E19E-76C5-498C-A969-15670EECB356} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => %windir%\system32\GWX\GWXDetector.exe
Task: {29A4C4DE-5136-4B52-ADA1-1E8CFBFD1D5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {2D7A8973-3827-4D10-A33A-1C6119DAFE26} - System32\Tasks\{DBABE8E7-266B-469B-9BB8-F98BCC21DE54} => pcalua.exe -a "C:\CAPITALIQ\Training\02 Software\Training\02 Software\ecldevup.exe" -d "C:\CAPITALIQ\Training\02 Software\Training\02 Software"
Task: {344C14AD-B6CA-4435-89C3-1BEA5DE73DFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3486E7DA-75E2-470C-B1E4-BC2F96C4DB74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4462414C-CF1E-4118-A951-E70A3E82998A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000Core1cfee77304897b9 => C:\Users\MandM\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5713A0C3-E756-41A9-A327-1B3A6928CC4F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => %windir%\system32\GWX\GWXConfigManager.exe
Task: {598D6420-A329-402F-990E-02F586FE4DFC} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4b7fa345566 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5A001C4B-5D88-46BE-AD25-5D87E0969C65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000Core1cf273eb452fcbf => C:\Users\MandM\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6438C411-D381-44E4-B9DC-41A00778D964} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {650F1905-DF93-498F-ABD5-5F548A3F0F0C} - System32\Tasks\{8DC7421E-7DA0-49BC-AD45-475A24A7497A} => pcalua.exe -a "C:\CAPITALIQ\Training\02 Software\Eclipse VOX\Eclipse VOX\install.exe" -d "C:\CAPITALIQ\Training\02 Software\Eclipse VOX\Eclipse VOX"
Task: {6CBD4E7F-4A1A-4F13-B6EA-34B19FBDEA2E} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {6FB7D8C2-859F-42BC-B1B4-C11D3015A546} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {72054AFA-0AA2-43E0-B691-E13ADC99EF92} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3993427723-2147256850-2466095620-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {742889D8-84BF-43F7-8395-CAE6FB2FF62C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => %windir%\system32\GWX\GWXConfigManager.exe
Task: {7939D98F-2498-4827-9206-6252FE4E5B66} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3993427723-2147256850-2466095620-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7DE302AD-50AD-4694-8C0E-A8E4F5C3090D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3993427723-2147256850-2466095620-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {80993C9E-0056-4EDE-9DB9-B5E47CC4262C} - System32\Tasks\AdobeAAMUpdater-1.0-Zooti-MandM => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {88986EA0-F978-40EF-B28E-5FBF90ECCAE1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000UA => C:\Users\MandM\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {893939B5-5A91-43F3-B0EF-C8AD53A0125A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => %windir%\system32\GWX\GWX.exe
Task: {A84FE0E7-F00C-4EA2-97FB-CAC9BF7A7B71} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => %windir%\system32\GWX\GWXUXWorker.exe
Task: {A938E4B5-2544-4F31-9B9E-D1DC263A1B8E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-02] (Adobe Systems Incorporated)
Task: {BDC1D24B-5DBE-4D54-BEB7-532A50BE9B11} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {C0BD1DD6-B3D7-4E98-8262-85629CC93B5E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => %windir%\system32\GWX\GWXUXWorker.exe
Task: {CF7BD2AD-24E1-4EF0-8967-E9F4999710EF} - System32\Tasks\G2MUpdateTask-S-1-5-21-3993427723-2147256850-2466095620-1000 => C:\Users\MandM\AppData\Local\Citrix\GoToMeeting\2185\g2mupdate.exe [2015-01-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DB8B4072-E315-4CF9-9B3D-F40A183B1414} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000Core => C:\Users\MandM\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DEFC8E80-B542-4F68-AC92-1176DB2AEB56} - System32\Tasks\GoogleUpdateTaskMachineCore1cff3913f899028 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E89FA5F7-0FD0-41F2-A9D2-AAD82B842DBF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3993427723-2147256850-2466095620-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E998E755-4778-4C13-BB64-51B6451E3211} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000Core1cf6c81d5342bc3 => C:\Users\MandM\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E99A9C5F-8DFA-401A-BA96-44FDD361136A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F43676F0-CD9B-42FB-9470-56AEDA071DE3} - System32\Tasks\{D194A8D3-8BF2-431A-BDA3-D07305D7B990} => pcalua.exe -a C:\Users\MandM\Desktop\Audio_IDT_W7_A03_Setup-8H18M_ZPE.exe -d C:\Users\MandM\Desktop
Task: {F7CDFEF2-6FC8-4D8E-9970-F478648C94A6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FE8F085D-9C95-4171-A6C6-F02F2BAF475D} - System32\Tasks\{40977FB7-C966-4902-8AAD-ACEE223A166F} => pcalua.exe -a "C:\CAPITALIQ\Training\02 Software\ecldevup.exe" -d "C:\CAPITALIQ\Training\02 Software"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FaxApplications.exe_{04A1CC5D-A42B-4BF9-AE8B-BFD0454D7778}.job => C:\Program Files\HP\HP Officejet 4630 series\Bin\FaxApplications.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3993427723-2147256850-2466095620-1000.job => C:\Users\MandM\AppData\Local\Citrix\GoToMeeting\2185\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4b7fa345566.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3993427723-2147256850-2466095620-1000Core1cf6c81d5342bc3.job => C:\Users\MandM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ScanToPCActivationApp.exe_{DB1210F1-35D3-4378-B2E6-390A436D610B}.job => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
Task: C:\windows\Tasks\Toolbox.exe_{4021E327-2925-4187-8057-1B8F10E928CC}.job => C:\Program Files\HP\HP Officejet 4630 series\Bin\Toolbox.exe
Task: C:\windows\Tasks\{43B383D7-A224-47EE-90BF-79F20F62D7F3}.job => c:\program files (x86)\mozilla firefox\firefox.exe Ihxxp:/ui.skype.com/ui/0/6.16.0.105/en/

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-04-07 00:41 - 2017-04-07 00:41 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2016-05-20 08:37 - 2016-05-20 08:37 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2012-03-20 02:11 - 2010-11-05 21:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MandM\Cookies:IWKhOjlUZOf8VP8s4UalGkbrH [2126]
AlternateDataStreams: C:\Users\MandM\AppData\Local\Temp:Dn5bA7i8kvgo2aNls [2176]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2012-06-23 21:25 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MandM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Spotify => "C:\Users\MandM\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\MandM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{436E757E-BE51-4A27-AA14-518B8896FFA0}] => (Allow) LPort=9700
FirewallRules: [{E72BEFED-E69E-4BF6-9AA5-A82B9FE749AB}] => (Allow) LPort=9701
FirewallRules: [{E0FCD11A-6C00-4DE6-A0EF-BC33FDF00639}] => (Allow) LPort=9702
FirewallRules: [{F3F2AC92-8299-4ACD-BF79-804F9AD67A8A}] => (Allow) LPort=9700
FirewallRules: [{2A3935FD-FF4C-4DC8-AF3C-8CE560E7ACA1}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{35377595-2A90-4360-8645-54DCA45BC308}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{A6CA3397-EBC5-439B-959F-A9511FD4801C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{67764BE3-34E4-4B0D-8D11-A24DC206B8C6}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{C746358E-C402-40F0-9CA0-DB48025B1E49}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{AA56B4C3-F36C-4E14-B253-E090C72FCBEC}] => (Allow) LPort=7935
FirewallRules: [{EB8B2363-16FF-4A31-801D-295EA613C206}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22BD7812-0E0E-443F-AB42-48C0F9257242}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB4744D5-F860-4BA8-991D-E78512BF3BAA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1ED54779-FAB7-437A-A543-063F0DE39F19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0A7486B-C1AA-4747-9140-1B8C6CEE0B82}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{517A67A4-857A-4038-B1CD-611319C259CB}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D72FDDC0-2883-4A21-A5C3-D1D6E04E730E}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{5C48772F-40BA-4F54-8CA3-46534C5EA182}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [TCP Query User{E4DBA9F7-E791-4229-8D69-8FF8555B0942}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Block) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
FirewallRules: [UDP Query User{C174A999-E9B6-4FA4-9AB9-E3F835B5C7E7}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Block) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
FirewallRules: [{14F0DC7D-D086-4C79-B364-16B8BFF6A87A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{835D0ECD-EFEE-429A-938B-3B4A410E4A7A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{67B1331E-2E8E-4904-8D3B-7521C90A4DB5}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{9F171D93-03AD-4E74-B614-B376DD0F400B}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{F33C5724-DF76-46FA-A9D5-482F76562537}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{52C6DAE3-D2ED-4616-9862-9D7AA4EA1350}] => (Allow) LPort=5357
FirewallRules: [{B9901B5E-54D3-4053-8190-8B2EDB2E6936}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{7CBA6788-269E-45FA-ACEB-BB1001348DB4}C:\users\mandm\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\mandm\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{0CBF594C-8172-4AF3-8447-ED1A9B15DF45}C:\users\mandm\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\mandm\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{8FCBE50A-46EB-4E93-AB16-17998B44EAEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A725419F-31EA-4B2B-8CE3-FA5FA1570EA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{239227F9-ACFF-4D21-BA0E-4BE20230054C}C:\users\mandm\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\mandm\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{ED620847-5758-4C85-82F9-C97506695F86}C:\users\mandm\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\mandm\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{C37CCB6C-EEBB-4C92-9AAB-378EFB294C25}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0940110D-2BF0-44DE-A0EC-2C70BE315954}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FDBE18E1-3174-4EEF-900F-B4A98C442527}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E52456E0-9569-40E7-9DD1-1E4DE30A7DF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3089DBA6-B273-4680-A3C5-1FD4C6FAEEBB}] => (Allow) C:\Users\MandM\AppData\Local\Temp\7zS01AE\HPDiagnosticCoreUI.exe
FirewallRules: [{782D5F6C-BE8C-490B-9AE4-930AFC9C65E1}] => (Allow) C:\Users\MandM\AppData\Local\Temp\7zS01AE\HPDiagnosticCoreUI.exe
FirewallRules: [{74F92AFD-2E24-4D24-8851-A8BCE617C7DC}] => (Allow) C:\Users\MandM\AppData\Local\Temp\7zS021A\HPDiagnosticCoreUI.exe
FirewallRules: [{032D808C-EB88-4557-80C8-DDE27FAF5448}] => (Allow) C:\Users\MandM\AppData\Local\Temp\7zS021A\HPDiagnosticCoreUI.exe
FirewallRules: [{AC6C55A1-B16A-4604-A345-037095089685}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D9EA4238-3780-4523-AECB-9AEDF9B9D702}] => (Allow) LPort=2869
FirewallRules: [{AE94E28A-12B5-4B6E-A7DB-E76F50376EC4}] => (Allow) LPort=1900
FirewallRules: [{EF7F4352-0158-4EED-A17A-B1A8111D32B7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0B95FD83-657D-45E0-A3D8-D40FDE5A6F62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08EF6D5C-B149-4DC6-A1E5-6BAB042FAEAB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3AA3174B-E98F-47AB-8FE9-F37AB4C19BDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77E83A28-5449-4608-9727-78A5B6108077}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED8FFBC3-619B-43AD-B161-3F144D9F8740}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

23-04-2017 10:42:00 Windows Update
27-04-2017 09:02:30 Windows Update
29-04-2017 14:35:50 JRT Pre-Junkware Removal
30-04-2017 11:35:29 Revo Uninstaller Pro's restore point - Adobe AIR
30-04-2017 11:38:38 Revo Uninstaller Pro's restore point - Adobe Flash Player 21 ActiveX
30-04-2017 11:41:01 Revo Uninstaller Pro's restore point - Java 8 Update 101
30-04-2017 11:41:12 Removed Java 8 Update 101
30-04-2017 11:43:55 Revo Uninstaller Pro's restore point - JavaFX 2.1.1
30-04-2017 11:44:09 Removed JavaFX 2.1.1
30-04-2017 11:46:27 Revo Uninstaller Pro's restore point - QuickTime 7
30-04-2017 11:48:50 Revo Uninstaller Pro's restore point - Box Tools
30-04-2017 11:49:02 Removed Box Tools
30-04-2017 11:50:29 Revo Uninstaller Pro's restore point - Coupon Printer for Windows
30-04-2017 11:51:07 Revo Uninstaller Pro's restore point - Coupon Printer for Windows
30-04-2017 11:52:31 Revo Uninstaller Pro's restore point - Safari
30-04-2017 11:55:18 Revo Uninstaller Pro's restore point - WildTangent Games
30-04-2017 14:07:04 Windows Update
02-05-2017 09:57:57 Removed Java 8 Update 131
02-05-2017 15:12:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2017 09:33:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/03/2017 09:33:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/03/2017 09:33:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/03/2017 09:33:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/03/2017 09:33:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/03/2017 09:33:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/03/2017 09:31:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/03/2017 09:31:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/03/2017 09:26:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/03/2017 09:24:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/03/2017 09:24:52 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

Error: (05/03/2017 09:21:52 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
An instance of the service is already running.

Error: (05/02/2017 10:49:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).

Error: (05/02/2017 10:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (05/02/2017 10:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/02/2017 10:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (05/02/2017 10:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Secondary Logon service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (05/02/2017 10:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/02/2017 10:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Remote Access Connection Manager service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (05/02/2017 10:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-05-02 15:07:38.999
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-02 15:07:38.906
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-02 14:41:46.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-02 14:41:46.165
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-30 11:13:23.666
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-30 11:13:23.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-29 14:22:37.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-29 14:22:36.922
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-28 08:51:13.426
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-28 08:51:13.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 6051.18 MB
Available physical RAM: 3277.89 MB
Total Virtual: 12100.54 MB
Available Virtual: 9185.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.77 GB) (Free:695.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3A3F9270)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2 nasdaq


Posted 04 May 2017 - 07:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
AlternateDataStreams: C:\Users\MandM\Cookies:IWKhOjlUZOf8VP8s4UalGkbrH [2126]
AlternateDataStreams: C:\Users\MandM\AppData\Local\Temp:Dn5bA7i8kvgo2aNls [2176]
RemoveProxy:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt). Please post it in your reply.

Please let me know what problem persists with this computer.

p.s.

when I try to post on a site for example like reddit,
i am unable to post, and i see a javascript:viod(0) appear in the bottom left of the browser


If the error still persists look at the solution for FireFox on this page.
https://appuals.com/solved-javascriptvoid0/

There is no need to use the Reimage Plus Software suggested on the page at the moment.

#3 zooter


Posted 04 May 2017 - 11:20 AM

here is the log
Note: I tried following the instructions on this page https://appuals.com/solved-javascriptvoid0/ for the javascript error, however there was no Java™ Platform plugin in the ‘Add-ons’ listed in the ‘Plugins’ tab.

this is all that is listed there https://www.screencast.com/t/WcWp9P5o

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01
Ran by MandM (04-05-2017 09:04:22) Run:1
Running from C:\FRST
Loaded Profiles: MandM (Available Profiles: MandM)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\MandM\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\MandM\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
AlternateDataStreams: C:\Users\MandM\Cookies:IWKhOjlUZOf8VP8s4UalGkbrH [2126]
AlternateDataStreams: C:\Users\MandM\AppData\Local\Temp:Dn5bA7i8kvgo2aNls [2176]
RemoveProxy:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} => key removed successfully
HKCR\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 => key removed successfully
C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\MandM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
C:\Users\MandM\Cookies => ":IWKhOjlUZOf8VP8s4UalGkbrH" ADS removed successfully.
C:\Users\MandM\AppData\Local\Temp => ":Dn5bA7i8kvgo2aNls" ADS removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3993427723-2147256850-2466095620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18664998 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 543068 B
Edge => 0 B
Chrome => 8756002 B
Firefox => 426902338 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 50830 B
systemprofile32 => 49699 B
LocalService => 0 B
NetworkService => 8188468 B
MandM => 223054724 B

RecycleBin => 15166368 B
EmptyTemp: => 676.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:08:07 ====



#4 zooter


Posted 04 May 2017 - 11:51 AM

Update:

I did this

Option 2: Reload the page by bypassing the cache

This option refreshes corrupted or possibly outdated files. While holding the shift key, click on the Reload button. The shortcut for this is CTRL + F5.

 

and that corrected the issue



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 AM

Posted 04 May 2017 - 01:19 PM

Good work.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#6 zooter


Posted 04 May 2017 - 01:22 PM

Great, thank you.

So no other issues then?



#7 nasdaq


Posted 05 May 2017 - 07:49 AM

You can come back if you have issues.
I will close the topic in 5 days.

#8 zooter


Posted 05 May 2017 - 11:31 AM

Great, thank you.
