
Attempting to remove "iSkySoft Helper Compact"



#1 sort0008


Posted 15 June 2017 - 02:02 PM

Hi there,
 
I'm having an issue with "iSkySoft Helper Compact" (from Shenzhen Yi Xi Investment Co). It asks for permission each time I start my computer to make changes to my hard drive, and I keep selecting "no".

 
I see that this problem has been solved on previous submissions, but that the solution might be tailored specifically to each individual user.
 
As has been requested in other threads regarding this issue, I'll post the FRST and Addition logs below.
 
Thank you in advance!
 
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017
Ran by Joseph (administrator) on ASIMO (15-06-2017 08:18:13)
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph (Available Profiles: Joseph)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Felix Belzile) C:\Program Files (x86)\Cold Turkey\CTService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Joseph\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(Dropbox, Inc.) C:\Users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dropbox, Inc.) C:\Users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Joseph\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_31\bin\jusched.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-09-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\Run: [Dropbox Update] => C:\Users\Joseph\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-652979366-1497595974-799173072-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-24] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2013-03-29]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{3DC90021-B8C9-42BC-B7FB-B45A8BA8812E}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{60A7777A-12FE-4F07-BDF2-648B91C37E97}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKU\S-1-5-21-652979366-1497595974-799173072-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKU\S-1-5-21-652979366-1497595974-799173072-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
SearchScopes: HKLM -> DefaultScope {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-09-16] (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-652979366-1497595974-799173072-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
 
FireFox:
========
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default [2017-06-13]
FF user.js: detected! => C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\user.js [2014-12-16]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\e1vgvtw8.default -> Google.com (in English)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\e1vgvtw8.default -> Google.com (in English)
FF Extension: (Youtube and more - Easy Video Downloader) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\Extensions\vdpure@link64.xpi [2016-02-11]
FF Extension: (LeechBlock) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2016-09-19]
FF Extension: (Adblock Plus) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-27]
FF Extension: (Greasemonkey) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-09-19]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\dictionary.xml [2010-04-11]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\discogs.xml [2013-02-15]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\googlecom-in-english.xml [2010-08-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\imdb.xml [2010-04-01]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\youtube.xml [2010-08-10]
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Greyfirst\Celtx\Profiles\uhj2dpvk.default [2016-04-03]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [2012-01-02] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2012-01-02] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [2012-01-02] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2012-01-02] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [2012-01-02] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [2012-01-02] [not signed]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2012-01-02] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2016-02-11] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-02-11] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-02-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-16] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-09-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-09-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-09-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-09-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-09-16] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-652979366-1497595974-799173072-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joseph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-09-16] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-09-16] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-09-16] (RealPlayer)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://mmweb/
CHR StartupUrls: Default -> "hxxp://www.weather.com/weather/5-day/New+York+NY+10016:4:US","hxxp://gmail.com/"
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default [2017-06-15]
CHR Extension: (Flash Video Downloader) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-03-15]
CHR Extension: (Google Docs) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-05]
CHR Extension: (YouTube) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-23]
CHR Extension: (Google Search) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
CHR Extension: (Video Downloader professional) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-25]
CHR Extension: (Google Docs Offline) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Pinterest Save Button) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-25]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-08-06]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-05-24]
CHR Extension: (Pocket) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-09-22]
CHR Extension: (Save to Pocket) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [323072 2015-01-18] (Felix Belzile) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-15 08:18 - 2017-06-15 08:21 - 00028039 _____ C:\Users\Joseph\Desktop\FRST.txt
2017-06-15 08:17 - 2017-06-15 08:18 - 00000000 ____D C:\FRST
2017-06-15 08:16 - 2017-06-15 08:17 - 02438656 _____ (Farbar) C:\Users\Joseph\Desktop\FRST64.exe
2017-06-15 07:55 - 2017-06-15 08:09 - 00003336 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-652979366-1497595974-799173072-1000
2017-06-15 07:55 - 2017-06-15 08:09 - 00003204 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-652979366-1497595974-799173072-1000
2017-06-15 07:43 - 2017-06-15 07:43 - 04110280 _____ C:\Users\Joseph\Downloads\adwcleaner_6.047.exe
2017-06-15 07:35 - 2017-06-15 07:36 - 64232976 _____ (Malwarebytes ) C:\Users\Joseph\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-14 16:29 - 2017-06-14 16:29 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-14 10:10 - 2017-06-09 08:08 - 02100499 _____ C:\Users\Joseph\Downloads\Video.mp4
2017-06-14 08:58 - 2017-06-14 08:58 - 00239785 _____ C:\Users\Joseph\Downloads\NN-10008B.swf
2017-06-14 08:57 - 2017-06-14 08:57 - 00057460 _____ C:\Users\Joseph\Downloads\NN-10007B.swf
2017-06-14 08:57 - 2017-06-14 08:57 - 00032865 _____ C:\Users\Joseph\Downloads\NN-10008A.swf
2017-06-14 08:49 - 2017-06-14 08:50 - 00396399 _____ C:\Users\Joseph\Downloads\NN-10007A.swf
2017-06-14 05:24 - 2017-05-14 16:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 05:24 - 2017-05-14 15:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-14 05:24 - 2017-05-14 14:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 05:24 - 2017-04-27 18:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-14 05:24 - 2017-04-12 09:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-14 05:23 - 2017-06-02 04:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-14 05:23 - 2017-06-02 04:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 05:23 - 2017-06-02 04:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 05:23 - 2017-06-02 04:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 05:23 - 2017-06-02 04:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-14 05:23 - 2017-06-02 04:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-14 05:23 - 2017-06-02 04:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-14 05:23 - 2017-06-02 04:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-14 05:23 - 2017-06-02 04:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-14 05:23 - 2017-06-02 04:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-14 05:23 - 2017-06-02 04:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-14 05:23 - 2017-06-02 04:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-14 05:23 - 2017-06-02 04:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-14 05:23 - 2017-06-02 03:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 05:23 - 2017-06-02 03:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-14 05:23 - 2017-06-02 03:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-14 05:23 - 2017-06-02 03:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-14 05:23 - 2017-05-21 00:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-14 05:23 - 2017-05-21 00:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-14 05:23 - 2017-05-21 00:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-14 05:23 - 2017-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-14 05:23 - 2017-05-20 23:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 05:23 - 2017-05-20 23:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 05:23 - 2017-05-20 23:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-14 05:23 - 2017-05-20 23:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-14 05:23 - 2017-05-20 23:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-14 05:23 - 2017-05-20 23:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-14 05:23 - 2017-05-16 14:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-14 05:23 - 2017-05-16 13:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-14 05:23 - 2017-05-14 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-14 05:23 - 2017-05-14 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-14 05:23 - 2017-05-14 16:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-14 05:23 - 2017-05-14 16:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-14 05:23 - 2017-05-14 16:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-14 05:23 - 2017-05-14 16:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-14 05:23 - 2017-05-14 16:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 05:23 - 2017-05-14 16:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-14 05:23 - 2017-05-14 16:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-14 05:23 - 2017-05-14 16:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-14 05:23 - 2017-05-14 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-14 05:23 - 2017-05-14 16:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 05:23 - 2017-05-14 16:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-14 05:23 - 2017-05-14 16:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-14 05:23 - 2017-05-14 16:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-14 05:23 - 2017-05-14 16:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-14 05:23 - 2017-05-14 15:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-14 05:23 - 2017-05-14 15:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 05:23 - 2017-05-14 15:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-14 05:23 - 2017-05-14 15:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-14 05:23 - 2017-05-14 15:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-14 05:23 - 2017-05-14 15:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-14 05:23 - 2017-05-14 15:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-14 05:23 - 2017-05-14 15:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-14 05:23 - 2017-05-14 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-14 05:23 - 2017-05-14 15:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-14 05:23 - 2017-05-14 15:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-14 05:23 - 2017-05-14 15:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-14 05:23 - 2017-05-14 15:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-14 05:23 - 2017-05-14 15:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-14 05:23 - 2017-05-14 15:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-14 05:23 - 2017-05-14 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-14 05:23 - 2017-05-14 15:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-14 05:23 - 2017-05-14 15:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 05:23 - 2017-05-14 15:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-14 05:23 - 2017-05-14 15:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-14 05:23 - 2017-05-14 15:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-14 05:23 - 2017-05-14 15:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-14 05:23 - 2017-05-14 15:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-14 05:23 - 2017-05-14 15:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-14 05:23 - 2017-05-14 15:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-14 05:23 - 2017-05-14 15:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-14 05:23 - 2017-05-14 15:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-14 05:23 - 2017-05-14 15:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-14 05:23 - 2017-05-14 14:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-14 05:23 - 2017-05-14 14:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-14 05:23 - 2017-05-14 14:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-14 05:23 - 2017-05-14 14:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-14 05:23 - 2017-05-14 14:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 05:23 - 2017-05-14 14:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-14 05:23 - 2017-05-14 14:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-14 05:23 - 2017-05-14 14:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-14 05:23 - 2017-05-14 14:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 05:23 - 2017-05-14 14:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-14 05:23 - 2017-05-14 14:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-14 05:23 - 2017-05-14 14:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-14 05:23 - 2017-05-14 14:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-14 05:23 - 2017-05-14 14:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 05:23 - 2017-05-14 14:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-14 05:23 - 2017-05-14 14:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 05:23 - 2017-05-14 14:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-14 05:23 - 2017-05-14 14:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-14 05:23 - 2017-05-14 14:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-14 05:23 - 2017-05-12 14:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-14 05:23 - 2017-05-12 14:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 05:23 - 2017-05-12 14:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-14 05:23 - 2017-05-12 14:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 05:23 - 2017-05-12 14:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-14 05:23 - 2017-05-12 14:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-14 05:23 - 2017-05-12 14:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 05:23 - 2017-05-12 14:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 13:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-14 05:23 - 2017-05-12 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-14 05:23 - 2017-05-12 13:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-14 05:23 - 2017-05-12 13:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 05:23 - 2017-05-12 13:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-14 05:23 - 2017-05-12 13:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-14 05:23 - 2017-05-12 13:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-14 05:23 - 2017-05-12 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 05:23 - 2017-05-12 13:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-14 05:23 - 2017-05-12 13:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-14 05:23 - 2017-05-12 13:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-14 05:23 - 2017-05-12 13:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-14 05:23 - 2017-05-12 13:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 13:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 13:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 13:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 12:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 05:23 - 2017-05-12 11:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 05:23 - 2017-05-12 11:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 05:23 - 2017-05-10 11:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-14 05:23 - 2017-05-10 11:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 05:23 - 2017-05-10 11:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 05:23 - 2017-05-10 11:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-14 05:23 - 2017-05-10 11:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 05:23 - 2017-05-10 11:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 05:23 - 2017-05-10 11:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-14 05:23 - 2017-05-10 11:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-14 05:23 - 2017-05-10 11:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 05:23 - 2017-05-10 11:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 05:23 - 2017-05-10 11:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 05:23 - 2017-05-10 11:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-14 05:23 - 2017-05-10 11:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 05:23 - 2017-05-10 11:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-14 05:23 - 2017-05-10 11:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-14 05:23 - 2017-05-10 11:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 05:23 - 2017-05-10 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-14 05:23 - 2017-05-10 11:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-14 05:23 - 2017-05-10 11:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-14 05:23 - 2017-05-10 11:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-14 05:23 - 2017-05-10 11:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-14 05:23 - 2017-05-10 11:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-14 05:23 - 2017-05-10 10:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 05:23 - 2017-05-09 11:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 05:23 - 2017-05-09 11:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 05:23 - 2017-05-09 11:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-14 05:23 - 2017-05-07 11:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 05:23 - 2017-05-07 11:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-14 05:23 - 2017-03-30 11:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-14 05:23 - 2017-03-30 10:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-13 19:54 - 2017-06-13 19:54 - 00008933 _____ C:\Users\Joseph\.recently-used.xbel
2017-06-08 12:53 - 2017-06-08 12:53 - 00097281 _____ C:\Users\Joseph\Downloads\Joseph_Sortland_Resume (2).pdf
2017-06-05 17:40 - 2017-06-05 17:41 - 01130328 _____ (Google Inc.) C:\Users\Joseph\Downloads\GoogleVoiceAndVideoSetup.exe
2017-06-05 15:30 - 2017-06-05 15:30 - 00125129 _____ C:\Users\Joseph\Downloads\Capital-Projects-Analyst-Community-Associate-extension-6-17__593188a688d5d.pdf
2017-05-26 11:58 - 2017-05-26 11:58 - 00033374 _____ C:\Users\Joseph\Downloads\4-Bilhete_CP_Elisa_Benson.pdf
2017-05-26 11:57 - 2017-05-26 11:57 - 00033387 _____ C:\Users\Joseph\Downloads\2-Bilhete_CP_Tanner_Stransky.pdf
2017-05-26 11:57 - 2017-05-26 11:57 - 00033384 _____ C:\Users\Joseph\Downloads\3-Bilhete_CP_Gena_Kaufman.pdf
2017-05-26 11:57 - 2017-05-26 11:57 - 00033377 _____ C:\Users\Joseph\Downloads\1-Bilhete_CP_Joseph_Sortland.pdf
2017-05-24 16:36 - 2017-05-24 16:36 - 00303929 _____ C:\Users\Joseph\Downloads\Uva do Monte - Blueberry Farm to Casa Mãe - Google Maps3.pdf
2017-05-24 16:34 - 2017-05-24 16:37 - 00267912 _____ C:\Users\Joseph\Downloads\Uva do Monte - Blueberry Farm to Casa Mãe - Google Maps2.pdf
2017-05-24 16:33 - 2017-05-24 16:33 - 00817238 _____ C:\Users\Joseph\Downloads\Uva do Monte - Blueberry Farm to Casa Mãe - Google Maps.pdf
2017-05-24 16:29 - 2017-05-24 16:29 - 00305882 _____ C:\Users\Joseph\Downloads\Sixt Rent a Car to Uva do Monte - Blueberry Farm - Google Maps3.pdf
2017-05-24 16:28 - 2017-05-24 16:28 - 00389513 _____ C:\Users\Joseph\Downloads\Sixt Rent a Car to Uva do Monte - Blueberry Farm - Google Maps2.pdf
2017-05-24 16:25 - 2017-05-24 16:25 - 00663915 _____ C:\Users\Joseph\Downloads\Sixt Rent a Car to Uva do Monte - Blueberry Farm - Google Maps.pdf
2017-05-24 12:59 - 2017-05-24 12:59 - 00087024 _____ C:\Users\Joseph\Downloads\Job Posting- Contract Consultant.pdf
2017-05-23 14:17 - 2017-05-23 14:17 - 00174038 _____ C:\Users\Joseph\Downloads\Climber-and-Pruner-2017-Until-Filled__591f0a135cba7.pdf
2017-05-23 14:16 - 2017-05-23 14:17 - 00109015 _____ C:\Users\Joseph\Downloads\EL2546-Community-Associate-Queens__591f029f5a2f1 (1).pdf
2017-05-19 16:41 - 2017-05-19 16:41 - 00097258 _____ C:\Users\Joseph\Downloads\Joseph_Sortland_Resume (1).pdf
2017-05-19 14:34 - 2017-05-19 14:34 - 00097267 _____ C:\Users\Joseph\Downloads\Joseph_Sortland_Resume_051917.pdf
2017-05-19 13:51 - 2017-05-19 13:51 - 00109015 _____ C:\Users\Joseph\Downloads\EL2546-Community-Associate-Queens__591f029f5a2f1.pdf
2017-05-16 15:59 - 2017-05-16 16:00 - 00150038 _____ C:\Users\Joseph\Downloads\Capital-Projects-Grants-Analyst-Comm-Coord-5-17-extension__5915cd6e6da6d.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-15 08:18 - 2015-06-17 13:23 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-652979366-1497595974-799173072-1000UA.job
2017-06-15 08:11 - 2009-10-15 04:52 - 00000290 _____ C:\ProgramData\hpqp.ini
2017-06-15 08:09 - 2010-03-17 17:39 - 00000187 _____ C:\ProgramData\HPWALog.txt
2017-06-15 08:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-15 08:02 - 2016-12-17 15:54 - 00000000 ____D C:\Users\Public\Documents\iskysoft
2017-06-15 08:02 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-15 08:02 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-15 07:51 - 2012-04-09 21:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-06-15 07:49 - 2014-10-10 20:11 - 00000000 ____D C:\AdwCleaner
2017-06-15 04:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-06-15 03:51 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-15 03:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-06-15 03:43 - 2013-03-18 10:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 03:43 - 2013-03-18 10:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-15 03:43 - 2009-07-14 00:45 - 00353632 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-15 03:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-15 03:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-15 03:17 - 2013-03-18 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-15 03:14 - 2013-08-09 07:55 - 00000000 ____D C:\Windows\system32\MRT
2017-06-15 03:09 - 2010-09-29 18:09 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-14 20:18 - 2015-06-17 13:23 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-652979366-1497595974-799173072-1000Core.job
2017-06-14 16:29 - 2011-10-02 12:53 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Dropbox
2017-06-14 16:28 - 2015-06-17 13:23 - 00000000 ____D C:\Users\Joseph\AppData\Local\Dropbox
2017-06-13 22:19 - 2017-01-22 17:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-13 22:07 - 2017-01-24 22:38 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Fade In
2017-06-13 19:59 - 2010-11-14 12:12 - 00000000 ____D C:\Users\Joseph\.gimp-2.6
2017-06-13 19:54 - 2010-11-14 12:15 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\gtk-2.0
2017-06-13 19:54 - 2010-03-17 17:32 - 00000000 ____D C:\Users\Joseph
2017-06-12 17:24 - 2010-03-18 22:50 - 00181248 ___SH C:\Users\Joseph\Thumbs.db
2017-05-30 16:45 - 2010-03-17 17:53 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-19 13:24 - 2017-03-31 15:17 - 00097258 _____ C:\Users\Joseph\Downloads\Joseph_Sortland_Resume.pdf
 
==================== Files in the root of some directories =======
 
2010-03-17 18:14 - 2010-03-17 18:14 - 0000000 _____ () C:\Users\Joseph\AppData\Roaming\wklnhst.dat
2010-03-17 17:39 - 2010-03-17 17:39 - 0000000 _____ () C:\Users\Joseph\AppData\Local\AtStart.txt
2010-03-17 17:39 - 2010-03-17 17:39 - 0000000 _____ () C:\Users\Joseph\AppData\Local\DSwitch.txt
2011-05-12 00:08 - 2011-05-12 17:01 - 0008672 ___SH () C:\Users\Joseph\AppData\Local\hb1063ox02jw5osotj772n0331qq46l5ev7571wj512
2010-03-17 17:39 - 2010-03-17 17:39 - 0000000 _____ () C:\Users\Joseph\AppData\Local\QSwitch.txt
2017-01-20 19:30 - 2017-01-20 19:30 - 0000000 _____ () C:\Users\Joseph\AppData\Local\{5348ED0E-700B-4FBD-8A8F-3738E487D6BD}
2010-07-19 23:25 - 2010-07-19 23:25 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-05-12 00:08 - 2011-05-12 00:08 - 0003216 ___SH () C:\ProgramData\hb1063ox02jw5osotj772n0331qq46l5ev7571wj512
2009-10-15 04:52 - 2017-06-15 08:11 - 0000290 _____ () C:\ProgramData\hpqp.ini
2010-03-17 17:39 - 2017-06-15 08:09 - 0000187 _____ () C:\ProgramData\HPWALog.txt
2010-09-01 23:59 - 2010-09-02 00:07 - 0000359 _____ () C:\ProgramData\hpzinstall.log
2009-10-15 04:54 - 2009-10-15 04:54 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-15 02:49 - 2009-08-15 02:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-10-15 04:54 - 2009-10-15 04:54 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-15 02:44 - 2009-08-15 02:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-10-15 04:53 - 2009-10-15 04:53 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-10-15 04:54 - 2009-10-15 04:54 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-15 02:43 - 2009-08-15 02:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-15 02:45 - 2009-08-15 02:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-10-15 04:54 - 2009-10-15 04:54 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-12 13:40
 
==================== End of FRST.txt ============================

Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017
Ran by Joseph (15-06-2017 08:23:07)
Running from C:\Users\Joseph\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-03-17 21:32:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-652979366-1497595974-799173072-500 - Administrator - Disabled)
Guest (S-1-5-21-652979366-1497595974-799173072-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-652979366-1497595974-799173072-1002 - Limited - Enabled)
Joseph (S-1-5-21-652979366-1497595974-799173072-1000 - Administrator - Enabled) => C:\Users\Joseph
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avery Wizard 3.1 (HKLM-x32\...\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}) (Version: 3.1.5 - Avery)
Batch PDF Merger (HKLM-x32\...\com.essexreddevelopment.mergepdfmac) (Version: v1 - Essex Redevelopment Group)
Batch PDF Merger (x32 Version: 1 - Essex Redevelopment Group) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bullzip PDF Printer 11.1.0.2600 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.1.0.2600 - Bullzip)
Celtx (2.9.1) (HKLM-x32\...\Celtx (2.9.1)) (Version: 2.9.1 (en-US) - Greyfirst)
Cisco AnyConnect VPN Client (HKLM-x32\...\{835A6F5F-BC13-48DF-BEBE-8D80B419D145}) (Version: 2.5.0217 - Cisco Systems, Inc.)
Cold Turkey (Basic) (HKLM-x32\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 1.2.6 Basic - Felix Belzile)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.)
Fade In Professional Screenwriting Software (HKLM-x32\...\Fade In Professional Screenwriting Software Demo_is1) (Version:  - Fade In Professional Screenwriting Software)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{B700113B-24A8-4D4C-8484-0CC944F764C8}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Inpaint 6.2 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.8.7 - )
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
PuTTY development snapshot 2011-02-08:r9078 (HKLM-x32\...\PuTTY_is1) (Version: 2011-02-08:r9078 - Simon Tatham)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Scribus 1.4.5 (HKLM-x32\...\Scribus 1.4.5) (Version: 1.4.5 - The Scribus Team)
SP45575 - Wallpaper Picture Position Enabler for Windows 7 (HKLM-x32\...\{86391634-A94B-4355-8397-3D85C2F942DA}) (Version: 1.0.0 - Hewlett-Packard International Pte. Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-652979366-1497595974-799173072-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0171E67C-0F85-4658-A620-6EA5534E0CC5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-652979366-1497595974-799173072-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {03CB8991-3CB5-4B26-8D5B-A06BF621274F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {1C0A97AC-26BD-4B8E-80F9-1C4948EFE67B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {200F4F3E-520D-4BE3-AE19-594BF2C4502A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-652979366-1497595974-799173072-1000UA => C:\Users\Joseph\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {34C7F8FF-4058-4890-92C3-B4DA82F716F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {382CD98E-D759-4C44-998A-B9C73C3865A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2016-05-12] (Microsoft)
Task: {388C7102-9B88-4B58-80C2-DE3A6930923B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {4976A9E5-1388-4C49-A713-BBFD981C0A93} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {4977172E-D120-436C-8C0C-951518DFB758} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {4FBB81DA-76BD-48A8-AE67-1918D6950ACD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {53A6A921-9FB9-4037-8B7C-642A1E3E0127} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {5AB78D9C-5FF7-4063-8E5F-F2A2BDD2E73A} - System32\Tasks\{65DAF7B1-06DE-4D66-B54A-E1DFB7F40A93} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {819261B7-8B34-4516-A214-CB95B2D916A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {85E3184E-9B74-45F5-BC29-A1495112C6AB} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {971003B9-7210-48D0-A24C-1CE474208F99} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-652979366-1497595974-799173072-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {A79B283D-EC19-4AE1-A263-6B2C1B52DAC2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2016-05-12] (Microsoft)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C28D4D79-C083-49BB-8969-7E612313ABFD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9373c72fb9d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C569C7A8-257A-4D96-B71D-2B11B82CE2A1} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e9373d144709 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DABACC4A-9FB1-4D40-833D-828A5F883130} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {E2DDCFEC-2F7A-41B7-B242-8CB6AA0AB4C4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-652979366-1497595974-799173072-1000Core => C:\Users\Joseph\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E7ECF8BF-031A-447F-8C22-64FC5708703C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {E9B85B44-F426-45D5-B00C-2B762D4637D3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-652979366-1497595974-799173072-1000Core.job => C:\Users\Joseph\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-652979366-1497595974-799173072-1000UA.job => C:\Users\Joseph\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-21 14:34 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-28 15:55 - 2012-02-17 22:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-11-08 11:15 - 2010-11-08 11:15 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2009-07-01 18:44 - 2009-07-01 18:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2017-05-10 19:48 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-10 19:48 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2015-02-02 16:06 - 2014-03-02 22:35 - 00075776 _____ () C:\Program Files (x86)\Cold Turkey\PcapDotNet.Core.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-14 16:28 - 2017-06-12 07:52 - 00775488 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-06-14 16:28 - 2017-06-12 07:52 - 01787200 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-06-14 16:29 - 2017-06-12 07:52 - 00100296 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00018888 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\select.pyd
2017-06-14 16:29 - 2017-06-12 07:54 - 00019776 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00035792 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00020824 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00123856 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00694224 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 01729360 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00020816 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-06-14 16:28 - 2017-06-12 07:52 - 00145864 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-06-14 16:28 - 2017-06-12 07:52 - 00019408 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-06-14 16:28 - 2017-06-12 07:52 - 00116688 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-06-14 16:29 - 2017-06-12 07:52 - 00105928 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00022864 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00060736 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00038712 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00024528 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-06-14 16:28 - 2017-06-12 07:52 - 00392656 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-06-14 16:28 - 2017-06-12 07:52 - 00020936 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00116176 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-06-14 16:29 - 2017-06-12 07:54 - 00392512 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00124880 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00026456 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00024016 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00175560 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00030160 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00043472 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00048592 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00057808 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00024016 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00022336 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00082264 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00025432 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00246608 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00027488 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 03928896 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00083912 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\sip.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 01826104 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 01972024 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00028616 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00171336 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00042816 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00531264 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00133432 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00224064 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00207680 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00060880 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00054608 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00022864 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00022872 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00021848 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00022872 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-14 16:29 - 2017-06-12 07:52 - 00349128 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-06-14 16:29 - 2017-06-12 07:55 - 00023896 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00025936 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-06-14 16:28 - 2017-06-12 07:52 - 00036296 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\librsync.dll
2017-06-14 16:28 - 2017-06-12 07:54 - 00084288 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-06-14 16:29 - 2017-06-12 07:54 - 00030536 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-06-14 16:28 - 2017-06-12 07:52 - 00017864 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-06-14 16:28 - 2017-06-12 07:52 - 01631184 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-06-14 16:29 - 2017-06-12 07:55 - 00026456 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-14 16:29 - 2017-06-12 07:54 - 00023368 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00546104 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-06-14 16:28 - 2017-06-12 07:54 - 00357688 _____ () C:\Users\Joseph\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-12-17 15:59 - 2014-09-11 19:58 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-12-17 15:59 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2017-01-22 17:43 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-01-22 17:43 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-22 17:43 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Joseph\Downloads\10483396_513598745439099_421404936_n.jpg:com.dropbox.attributes [424]
AlternateDataStreams: C:\Users\Joseph\Downloads\2014-11-06 11.11.00 HDR.jpg:com.dropbox.attributes [1064]
AlternateDataStreams: C:\Users\Joseph\Downloads\2015-03-06 17.56.16-1.jpg:com.dropbox.attributes [1080]
AlternateDataStreams: C:\Users\Joseph\Downloads\929206_492241900879158_330560349_n.jpg:com.dropbox.attributes [212]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-03-24 19:58 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-652979366-1497595974-799173072-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A5B72E1F-F3C3-4A75-88FB-4425899FEB5D}] => (Allow) svchost.exe
FirewallRules: [{C459E7DE-8966-40C8-9512-DE055F697B36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{9CB746DF-0E5C-4F06-BFB8-B42690BCDF2F}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{0B732DCD-2383-481D-B20F-1B06D3BB3ADE}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{1472C280-774C-49CF-AF11-BCDBA3B15960}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{882F02E8-47AB-4BF8-B0D7-F26EE9A3467E}] => (Allow) C:\Users\Joseph\AppData\Local\Temp\7zS17F9\setup\hpznui40.exe
FirewallRules: [{35F4E6C4-944A-4198-8DDC-83B75E5DA1A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FA70EA71-45A2-4A53-884A-5A5D43C1404E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{97C447E5-DD6C-4E50-8BD2-2734E7442F18}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{53A8C3E8-CF04-421D-9ACE-2EAF08728C0D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F192EB6A-E97B-4C35-8995-37DAD7E9EFAC}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{2CC97F4A-7629-4C9B-A2F7-A3E9E7A559EF}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{E12AB5C0-379E-4A2B-9C57-0CE4CF06231B}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{7EAF08B4-F279-4FE1-96BD-1D0129E119C4}] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{79298866-39BE-4B35-BD62-DD2BC32A7716}] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{F37DD750-72DA-442B-9590-93AE6A2E0828}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4234005D-7689-4344-BC61-1C5E37C08A60}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{94912D0D-05BD-4D58-891B-F3F14E471615}] => (Allow) C:\Users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7E7C0239-D5C5-4F68-A41B-CB12AC18C6BD}] => (Allow) C:\Users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ADB1714E-BA70-4885-A98E-9DFA252B8D53}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6B88780D-9BC6-4666-B3E1-21EBC4B3551F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A222C609-7F28-4B46-A3BD-C31345C5C852}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sid meier's railroads\RailRoads.exe
FirewallRules: [{FC76A88D-400F-4E45-A6A0-7074B12BEEC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sid meier's railroads\RailRoads.exe
FirewallRules: [{FD8A9A57-1837-4BD6-BC31-4E15BF963B74}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{12AC8613-B4C0-4D46-82F1-C2D6A1CD5009}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{A3421F6C-58AF-4B61-9464-0183FAEBDED7}C:\users\joseph\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joseph\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F5C27218-53B8-4610-80EF-CFE89BE13C8C}C:\users\joseph\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joseph\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0F734FAE-4E3B-4CFB-AC5D-C597F6A3F983}C:\users\joseph\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\joseph\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3D51C584-C615-4CCE-9DE2-2BC9C81CB1D2}C:\users\joseph\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\joseph\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C0F46ACC-6A11-4023-97B0-E5762B94D9E0}C:\users\joseph\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\joseph\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AD36DB2A-8BAC-4266-98D5-E26E0FCEB734}C:\users\joseph\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\joseph\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{5132B121-3DEC-4DD0-B8F4-9DC2B5186EDA}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [UDP Query User{333135AC-A9B9-4FD5-938C-38AE9BC4A96B}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [TCP Query User{2E1D2006-A5CA-47EA-8E0D-C176C9DDCD86}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{D7C7F7DA-BF07-44FA-977A-0157710F5007}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [{F2DE4AB4-AD0D-4ECF-94A8-1F42C7323804}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{A1851D69-EF90-4AB0-B7A2-6DAA4BE55E09}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{1B813D78-ACA0-48BA-AF08-3818CCB462B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAF8A36C-D6A5-4D19-82FC-2600B27A9EF9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3437496A-4016-4E2C-B4E9-B4122CE1AE32}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53F04D0C-B5DB-4FED-B624-21B8F5465181}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C11DADE-DBC1-49AC-BFF7-DF56B46F1AE9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FD407C60-F3E3-4E17-BC21-57CE9470C947}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3668885B-EC1D-4D55-912E-C01750A8C68A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6739F177-25C2-4F57-93E1-A8149048D6B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
05-06-2017 14:45:02 Scheduled Checkpoint
06-06-2017 13:41:42 Windows Update
12-06-2017 09:07:34 Windows Update
15-06-2017 03:01:26 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2017 10:19:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdSvc.exe, version: 2.5.44.79, time stamp: 0x57e24e33
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x120
Faulting application start time: 0x01d2e434eed9bfc6
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl
Report Id: e93d8d7d-50a7-11e7-9af0-00269ebe5af5
 
Error: (05/19/2017 06:26:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 798
 
Start Time: 01d2cd7e960a8fa1
 
Termination Time: 1716
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 10a8d387-3ce2-11e7-bc72-00269ebe5af5
 
Error: (04/14/2017 01:22:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AVCFree.exe version 5.7.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 176c
 
Start Time: 01d2b54076cca1eb
 
Termination Time: 60
 
Application Path: C:\Program Files (x86)\Anvsoft\Any Video Converter\AVCFree.exe
 
Report Id: e57f2de7-2136-11e7-8692-00269ebe5af5
 
Error: (01/30/2017 02:39:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iTunes.exe version 12.3.0.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4e3c
 
Start Time: 01d27b27dc73b41f
 
Termination Time: 127
 
Application Path: C:\Program Files\iTunes\iTunes.exe
 
Report Id:
 
Error: (01/21/2017 01:44:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ef4
 
Start Time: 01d26e9fe1bdb872
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 39cbabb3-e000-11e6-981e-00269ebe5af5
 
Error: (01/08/2017 02:00:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: RPCRT4.dll, version: 6.1.7601.23601, time stamp: 0x5833390c
Exception code: 0xc0000005
Fault offset: 0x0000000000054211
Faulting process id: 0x3d8
Faulting application start time: 0x01d255e5ebcf25f7
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\system32\RPCRT4.dll
Report Id: c288a2f0-d567-11e6-8be4-00269ebe5af5
 
Error: (12/17/2016 03:04:07 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: ASIMO)
Description: Application or service 'Windows Search' could not be shut down.
 
Error: (06/26/2016 10:51:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14758
 
Error: (06/26/2016 10:51:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14758
 
Error: (06/26/2016 10:51:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/15/2017 08:09:42 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
 
Error: (06/15/2017 08:09:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/15/2017 08:09:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (06/15/2017 08:06:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.245.923.0).
 
Error: (06/15/2017 08:06:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.245.877.0
 
Update Source: Microsoft Update Server
 
Update Stage: Install
 
Source Path: http://www.microsoft.com
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13804.0
 
Error code: 0x8024001e
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (06/15/2017 07:52:36 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
 
Error: (06/15/2017 07:50:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
The pipe has been ended.
 
Error: (06/15/2017 07:50:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (06/15/2017 07:50:44 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/15/2017 07:49:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqwmiex service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 83%
Total physical RAM: 3998.93 MB
Available physical RAM: 670.81 MB
Total Virtual: 7996.04 MB
Available Virtual: 4252.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.73 GB) (Free:133.9 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.16 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: E7E8E0A0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


Edited by hamluis, 15 June 2017 - 03:56 PM.
Merged posts - Hamluis.



#2 dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada
  • Local time:11:47 AM

Posted 16 June 2017 - 12:42 AM

Hi sort0008,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....

FIRST >>>>


Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

QuickTime 7

To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

1- Please double-click on FRST64
2- Press Ctrl+y (Ctrl and y keys at the same time)
3- A fixlist.txt file opens up in notepad.exe. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad.




Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
C:\Program Files (x86)\Common Files\iSkysoft
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-652979366-1497595974-799173072-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
Toolbar: HKU\S-1-5-21-652979366-1497595974-799173072-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF user.js: detected! => C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\user.js [2014-12-16]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\dictionary.xml [2010-04-11]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\discogs.xml [2013-02-15]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\googlecom-in-english.xml [2010-08-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\imdb.xml [2010-04-01]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\e1vgvtw8.default\searchplugins\youtube.xml [2010-08-10]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2016-02-11] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Google Drive) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2017-06-15 08:02 - 2016-12-17 15:54 - 00000000 ____D C:\Users\Public\Documents\iskysoft
2011-05-12 00:08 - 2011-05-12 17:01 - 0008672 ___SH () C:\Users\Joseph\AppData\Local\hb1063ox02jw5osotj772n0331qq46l5ev7571wj512
2011-05-12 00:08 - 2011-05-12 00:08 - 0003216 ___SH () C:\ProgramData\hb1063ox02jw5osotj772n0331qq46l5ev7571wj512
2009-10-15 04:54 - 2009-10-15 04:54 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-15 02:49 - 2009-08-15 02:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-10-15 04:54 - 2009-10-15 04:54 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-15 02:44 - 2009-08-15 02:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-10-15 04:53 - 2009-10-15 04:53 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-10-15 04:54 - 2009-10-15 04:54 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-15 02:43 - 2009-08-15 02:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-15 02:45 - 2009-08-15 02:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-10-15 04:54 - 2009-10-15 04:54 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {85E3184E-9B74-45F5-BC29-A1495112C6AB} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E9B85B44-F426-45D5-B00C-2B762D4637D3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Joseph\Downloads\10483396_513598745439099_421404936_n.jpg:com.dropbox.attributes [424]
AlternateDataStreams: C:\Users\Joseph\Downloads\2014-11-06 11.11.00 HDR.jpg:com.dropbox.attributes [1064]
AlternateDataStreams: C:\Users\Joseph\Downloads\2015-03-06 17.56.16-1.jpg:com.dropbox.attributes [1080]
AlternateDataStreams: C:\Users\Joseph\Downloads\929206_492241900879158_330560349_n.jpg:com.dropbox.attributes [212]
C:\programdata\videodownloaderultimatewinapp
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
End::


4- Press Ctrl+s to save. Close the fixlist.txt file.
5- Press Fix button.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


THIRD >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


LAST >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot; allow this.

On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

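An added example, not part of the original post and not FRST's own code: a small Python audit helper that sorts the lines of the fixlist from the SECOND step into rough categories, so the lines that run external commands can be read before the Fix button is pressed. The category names and matching rules are assumptions drawn from the line shapes visible in the post, not FRST's parsing logic, and the sample is a constructed subset of the posted lines.

```python
import re

# Constructed sample: a subset of the lines in the fixlist posted above.
FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
C:\Program Files (x86)\Common Files\iSkysoft
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
2017-06-15 08:02 - 2016-12-17 15:54 - 00000000 ____D C:\Users\Public\Documents\iskysoft
cmd: netsh advfirewall reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
Reboot:
End::
"""

# Ordered rules, first match wins. Category names are this example's own labels.
RULES = [
    ("marker",       re.compile(r"^(Start|End)::$")),
    ("command",      re.compile(r"^(cmd|reg):\s*\S", re.I)),
    ("directive",    re.compile(r"^[A-Za-z]+:$")),
    ("registry",     re.compile(r"^HK(LM|U|CU)")),
    ("task",         re.compile(r"^Task:")),
    ("file_listing", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("path",         re.compile(r"^[A-Za-z]:\\")),
]

def classify(line):
    """Return the first matching category for one fixlist line, else 'other'."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "other"

def audit(text):
    """Group the non-blank lines of a fixlist by category, preserving order."""
    groups = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        groups.setdefault(classify(line), []).append(line)
    return groups

def external_commands(text):
    """Command lines passed to cmd/reg; these deserve a word-by-word read."""
    return [l.split(":", 1)[1].strip() for l in audit(text).get("command", [])]

if __name__ == "__main__":
    print({k: len(v) for k, v in audit(FIXLIST).items()})
    print(external_commands(FIXLIST))
```

Lines that land in "other" match none of the rules and should be read by hand rather than assumed harmless.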


#3 dbrisendine

dbrisendine

  • Malware Response Team

Posted 18 June 2017 - 10:16 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
