Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trying to verify that my Windows 7 laptop is malware/virus/etc.. free


  • This topic is locked This topic is locked
22 replies to this topic

#1 nuclearmatt

nuclearmatt

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:07:47 PM

Posted 15 February 2018 - 10:34 AM

I'm very new to this forum (I just signed up this morning) and I just wanted to submit a generic request to ensure that there isn't anything nefarious hiding in my computer. I became concerned that there might be instances like that when I ran Hijack This (several entries bring up Unknown or Missing files), but Spybot S&D, and Microsoft Security Essentials don't seem to find anything out of the ordinary.

 

I greatly appreciate any assistance and direction you can offer, thank you!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Matt (administrator) on PLASMONICS (15-02-2018 09:52:13)
Running from C:\Users\Matt\Desktop
Loaded Profiles: UpdatusUser & Matt (Available Profiles: UpdatusUser & Matt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871056 2012-04-12] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5727392 2012-01-19] (Dell Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [418280 2012-07-25] (Autodesk, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-09-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Run: [Google Update] => C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\MountPoints2: {cd603e92-2639-11e5-b93f-c485080650fd} - D:\LiteAuto.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-02-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-26] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3E1AC35A-EDD0-46CE-9177-E5C831C5C7C8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A6E28D48-CDE9-4C6D-B50E-3AFF55B23817}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> DefaultScope {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> {352EC60E-97B3-4B61-A2CE-93917A40BDC5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=18A4ACA3-D004-4227-A9B1-DBE41A8F7161&apn_sauid=E0D0A3EC-EFE0-4124-8DC8-D17C7BBC3C40
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-02-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-02-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2018-01-11] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll [2011-10-03] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-416811638-4231456509-3825418720-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-416811638-4231456509-3825418720-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> msn.com
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR DefaultSuggestURL: Profile 2 -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-02-15]
CHR Extension: (Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-23]
CHR Extension: (Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-23]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-23]
CHR Extension: (Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-24]
CHR Extension: (AdBlock) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-23]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-20]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matt\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-14]
CHR HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.YYZXVGEL4WR5CPE25TD4YVPPOU - C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968432 2018-01-30] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [862336 2013-12-18] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S1 DhaHelper; C:\Windows\SysWOW64\drivers\dhahelper.sys [7168 2009-05-08] (MPlayer <hxxp://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) [File not signed]
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 MpKsl3c071b96; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD84F363-81F8-4EBC-B4C8-67867D90E62E}\MpKsl3c071b96.sys [58120 2018-02-14] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-02-23] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-02-23] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-02-23] (Novatel Wireless Inc.)
S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [24848 2012-04-12] (Synaptics Incorporated)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [24848 2012-04-12] (Synaptics Incorporated)
S3 STTub30; C:\Windows\System32\Drivers\STTub30.sys [44184 2012-07-09] (STMicroelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 usbser; C:\Windows\SysWOW64\DRIVERS\usbser.sys [32768 2013-11-11] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-15 09:52 - 2018-02-15 09:52 - 000028416 _____ C:\Users\Matt\Desktop\FRST.txt
2018-02-15 09:51 - 2018-02-15 09:52 - 000000000 ____D C:\FRST
2018-02-15 09:50 - 2018-02-15 09:50 - 002405376 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2018-02-15 09:25 - 2018-02-15 09:27 - 000000000 ____D C:\Users\Matt\Desktop\backups
2018-02-15 08:56 - 2018-02-15 08:56 - 000000000 ____D C:\Users\Matt\Desktop\MCINTYRE TAXES 2017
2018-02-15 08:33 - 2018-02-15 08:33 - 000198704 _____ C:\Users\Matt\Downloads\TaxDocument.pdf
2018-02-15 08:32 - 2018-02-15 08:32 - 000060202 _____ C:\Users\Matt\Downloads\Tax Document.pdf
2018-02-15 07:47 - 2018-02-15 07:49 - 121337803 _____ C:\Users\Matt\Desktop\Fixing Access Annoyances.pdf
2018-02-10 09:00 - 2018-02-10 09:08 - 000000000 ____D C:\Users\Matt\Desktop\TestFolder
2018-02-10 07:44 - 2018-02-15 09:51 - 026071040 _____ C:\Users\Matt\Desktop\FacilitiesDatabaseMcIntyreEXPERIMENTAL.accdb
2018-02-09 12:52 - 2018-02-09 17:47 - 000111110 _____ C:\Users\Matt\Desktop\newbook.xlsx
2018-02-08 15:06 - 2018-02-15 09:11 - 026071040 _____ C:\Users\Matt\Desktop\FacilitiesDatabaseMcIntyreLATEST.accdb
2018-02-08 15:06 - 2018-02-08 20:09 - 000789005 _____ C:\Users\Matt\Desktop\Physical Inventory Tracker LATEST.xlsx
2018-02-08 06:09 - 2018-02-08 06:28 - 000193432 _____ C:\Users\Matt\Desktop\McIntyreInfoCard.pdf
2018-02-05 21:44 - 2018-02-05 21:44 - 000001523 _____ C:\Users\Matt\Documents\LineItemSearchForm.html
2018-02-04 10:12 - 2018-02-04 10:12 - 000010941 _____ C:\Users\Matt\Downloads\subtitles.vtt
2018-02-01 07:06 - 2018-02-01 07:06 - 000128244 _____ C:\Users\Matt\Desktop\Navy_reading_your_LES.pdf
2018-01-30 16:54 - 2018-01-30 16:54 - 000000370 _____ C:\Users\Matt\Desktop\excel_codes.txt
2018-01-27 20:50 - 2018-01-27 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2018-01-27 20:50 - 2018-01-27 20:50 - 000000000 ____D C:\Program Files\DB Browser for SQLite
2018-01-27 18:45 - 2018-01-27 21:44 - 000000000 ____D C:\Users\Matt\Desktop\sqlite_databases
2018-01-27 18:39 - 2018-01-27 18:41 - 000000000 ____D C:\SQLite3
2018-01-26 09:36 - 2018-02-07 21:38 - 002379919 _____ C:\Users\Matt\Desktop\Python For Data.pdf
2018-01-26 08:27 - 2018-01-31 18:39 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-416811638-4231456509-3825418720-1001
2018-01-24 23:01 - 2018-01-24 23:01 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-01-24 23:00 - 2018-02-09 07:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-24 23:00 - 2018-01-24 22:52 - 021543568 _____ C:\Windows\MSYH.tt2
2018-01-24 23:00 - 2018-01-24 22:52 - 021302624 _____ C:\Windows\MSJH.tt2
2018-01-24 23:00 - 2018-01-24 22:52 - 014381616 _____ C:\Windows\MSYHBD.tt2
2018-01-24 23:00 - 2018-01-24 22:52 - 014343024 _____ C:\Windows\MSJHBD.tt2
2018-01-24 23:00 - 2018-01-24 22:52 - 000247348 _____ C:\Windows\MSUIGHUB.tt2
2018-01-24 22:47 - 2018-01-24 22:47 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-24 17:15 - 2016-07-22 09:58 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2018-01-24 17:15 - 2016-07-22 09:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2018-01-24 17:08 - 2018-02-13 11:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-01-24 16:41 - 2017-12-29 03:39 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-24 16:40 - 2017-12-31 21:21 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-24 16:40 - 2017-12-31 21:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-24 16:40 - 2017-12-31 21:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-24 16:40 - 2017-12-31 21:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-01-24 16:40 - 2017-12-31 21:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-01-24 16:40 - 2017-12-31 21:19 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-24 16:40 - 2017-12-31 21:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-24 16:40 - 2017-12-31 21:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-01-24 16:40 - 2017-12-31 21:18 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-01-24 16:40 - 2017-12-31 21:18 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-24 16:40 - 2017-12-31 21:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-01-24 16:40 - 2017-12-31 21:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-24 16:40 - 2017-12-31 21:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-24 16:40 - 2017-12-31 21:02 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-01-24 16:40 - 2017-12-31 21:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-01-24 16:40 - 2017-12-31 21:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-24 16:40 - 2017-12-31 20:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-24 16:40 - 2017-12-31 20:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-24 16:40 - 2017-12-31 20:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-24 16:40 - 2017-12-31 20:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-24 16:40 - 2017-12-31 20:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-01-24 16:40 - 2017-12-31 20:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-01-24 16:40 - 2017-12-31 20:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-24 16:40 - 2017-12-31 20:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-24 16:40 - 2017-12-31 20:49 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-01-24 16:40 - 2017-12-31 20:49 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-01-24 16:40 - 2017-12-31 20:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-24 16:40 - 2017-12-31 20:49 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-01-24 16:40 - 2017-12-31 20:46 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-24 16:40 - 2017-12-31 20:45 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-01-24 16:40 - 2017-12-31 20:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-01-24 16:40 - 2017-12-31 20:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-01-24 16:40 - 2017-12-31 20:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-24 16:40 - 2017-12-31 20:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-24 16:40 - 2017-12-31 20:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-24 16:40 - 2017-12-31 20:42 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-24 16:40 - 2017-12-31 20:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-01-24 16:40 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-01-24 16:40 - 2017-12-31 20:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-01-24 16:40 - 2017-12-31 20:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-01-24 16:40 - 2017-12-31 20:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-01-24 16:40 - 2017-12-31 20:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-01-24 16:40 - 2017-12-31 20:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-01-24 16:40 - 2017-12-31 20:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-01-24 16:40 - 2017-12-31 20:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-01-24 16:40 - 2017-12-30 02:29 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-24 16:40 - 2017-12-30 01:42 - 000347328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-24 16:40 - 2017-12-29 13:39 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-24 16:40 - 2017-12-29 13:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-01-24 16:40 - 2017-12-29 13:13 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-24 16:40 - 2017-12-29 13:13 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-01-24 16:40 - 2017-12-29 13:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-24 16:40 - 2017-12-29 13:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-01-24 16:40 - 2017-12-29 13:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-01-24 16:40 - 2017-12-29 13:09 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-24 16:40 - 2017-12-29 13:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-01-24 16:40 - 2017-12-29 13:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-01-24 16:40 - 2017-12-29 13:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-24 16:40 - 2017-12-29 13:03 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-24 16:40 - 2017-12-29 13:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-24 16:40 - 2017-12-29 13:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-01-24 16:40 - 2017-12-29 12:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-24 16:40 - 2017-12-29 12:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-01-24 16:40 - 2017-12-29 12:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-01-24 16:40 - 2017-12-29 12:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-01-24 16:40 - 2017-12-29 12:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-01-24 16:40 - 2017-12-29 12:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-01-24 16:40 - 2017-12-29 12:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-24 16:40 - 2017-12-29 12:45 - 004508160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-24 16:40 - 2017-12-29 12:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-01-24 16:40 - 2017-12-29 12:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-24 16:40 - 2017-12-29 12:38 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-24 16:40 - 2017-12-29 12:38 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-24 16:40 - 2017-12-29 12:37 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-24 16:40 - 2017-12-29 12:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-01-24 16:40 - 2017-12-29 12:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-24 16:40 - 2017-12-29 12:15 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-24 16:40 - 2017-12-29 12:13 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-24 16:40 - 2017-12-29 04:15 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-24 16:40 - 2017-12-29 04:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-01-24 16:40 - 2017-12-29 04:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-01-24 16:40 - 2017-12-29 03:52 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-24 16:40 - 2017-12-29 03:51 - 005796352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-24 16:40 - 2017-12-29 03:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-01-24 16:40 - 2017-12-29 03:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-24 16:40 - 2017-12-29 03:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-24 16:40 - 2017-12-29 03:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-01-24 16:40 - 2017-12-29 03:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-24 16:40 - 2017-12-29 03:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-01-24 16:40 - 2017-12-29 03:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-01-24 16:40 - 2017-12-29 03:40 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-24 16:40 - 2017-12-29 03:39 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-24 16:40 - 2017-12-29 03:39 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-24 16:40 - 2017-12-29 03:39 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-01-24 16:40 - 2017-12-29 03:32 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-24 16:40 - 2017-12-29 03:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-24 16:40 - 2017-12-29 03:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-01-24 16:40 - 2017-12-29 03:22 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-24 16:40 - 2017-12-29 03:21 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-24 16:40 - 2017-12-29 03:18 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-24 16:40 - 2017-12-29 03:18 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-24 16:40 - 2017-12-29 03:16 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-24 16:40 - 2017-12-29 03:14 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-01-24 16:40 - 2017-12-29 03:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-24 16:40 - 2017-12-29 03:04 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-24 16:40 - 2017-12-29 03:03 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-24 16:40 - 2017-12-29 03:03 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-24 16:40 - 2017-12-29 03:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-24 16:40 - 2017-12-29 03:01 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-01-24 16:40 - 2017-12-29 02:50 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-24 16:40 - 2017-12-29 02:39 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-24 16:40 - 2017-12-29 02:27 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-24 16:40 - 2017-12-21 01:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-24 16:40 - 2017-12-13 11:31 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-24 16:40 - 2017-12-13 11:27 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-24 16:40 - 2017-12-13 11:27 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-24 16:40 - 2017-12-13 11:27 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-01-24 16:40 - 2017-12-13 11:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-01-24 16:40 - 2017-12-13 11:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-24 16:40 - 2017-12-13 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-24 16:40 - 2017-12-13 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-01-24 16:40 - 2017-12-13 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-01-24 16:40 - 2017-12-13 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-24 16:40 - 2017-12-05 12:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-01-24 16:40 - 2017-12-05 12:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-01-24 16:40 - 2017-12-05 12:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-01-24 16:40 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-01-24 16:40 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-01-24 16:40 - 2017-12-05 10:59 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-24 16:40 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-01-24 16:40 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-01-24 16:40 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-01-24 16:40 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-01-24 16:40 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-01-24 16:40 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-01-24 16:40 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-01-24 16:40 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2018-01-24 16:40 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2018-01-24 16:40 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2018-01-24 16:40 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2018-01-24 16:40 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2018-01-24 16:40 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2018-01-24 16:40 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2018-01-24 16:40 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2018-01-24 16:40 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2018-01-24 16:40 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2018-01-24 16:40 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-24 16:31 - 2018-01-24 16:31 - 000000000 ____D C:\Users\Matt\Documents\ProcAlyzer Dumps
2018-01-24 16:25 - 2018-02-10 07:43 - 000000000 ____D C:\Users\Matt\Desktop\628 CES
2018-01-24 16:17 - 2018-02-02 16:10 - 000000000 ____D C:\Users\Matt\Desktop\old
2018-01-24 16:09 - 2018-01-24 23:33 - 000007610 _____ C:\Users\Matt\AppData\Local\resmon.resmoncfg
2018-01-24 15:51 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20180124-155142.backup
2018-01-24 11:26 - 2018-01-24 11:26 - 000000158 _____ C:\Windows\wininit.ini
2018-01-24 07:31 - 2018-01-24 07:31 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-01-24 07:30 - 2018-01-24 17:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-24 07:30 - 2018-01-24 15:50 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-24 07:30 - 2018-01-24 07:30 - 000001393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-01-24 07:30 - 2018-01-24 07:30 - 000001381 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-01-24 07:30 - 2018-01-24 07:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-01-24 07:30 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-01-23 21:13 - 2018-01-23 21:13 - 000000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2018-01-23 21:09 - 2018-02-09 07:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-23 20:44 - 2018-01-23 20:44 - 000388608 _____ (Trend Micro Inc.) C:\Users\Matt\Desktop\HijackThis.exe
2018-01-22 13:50 - 2018-01-27 18:09 - 001217536 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2018-01-22 13:50 - 2018-01-27 18:09 - 000005506 _____ C:\Windows\system32\sqlite3.def
2018-01-20 19:25 - 2018-01-23 21:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-15 07:55 - 2012-09-04 22:50 - 000000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001UA.job
2018-02-15 07:19 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-15 07:19 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-14 22:55 - 2012-09-04 22:50 - 000000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001Core.job
2018-02-07 21:37 - 2015-03-12 21:16 - 000000000 ____D C:\Users\Matt\.spyder2
2018-02-06 19:49 - 2013-07-09 13:47 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 19:49 - 2012-06-15 09:46 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 19:49 - 2012-06-15 09:46 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 19:48 - 2012-06-15 09:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 19:48 - 2012-06-15 09:46 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-05 21:52 - 2015-12-05 00:01 - 000000000 ____D C:\Users\Matt\Documents\2015 END
2018-02-05 21:51 - 2016-05-11 08:39 - 000000000 ____D C:\Users\Matt\Documents\New folder
2018-02-04 19:21 - 2015-01-21 10:41 - 000000000 ____D C:\Users\Matt\Documents\Python Scripts
2018-02-02 15:58 - 2015-03-12 21:15 - 000000000 ____D C:\Users\Matt\.matplotlib
2018-02-01 07:09 - 2016-03-24 20:35 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-01-31 18:39 - 2015-06-28 08:41 - 000000000 ___RD C:\Users\Matt\OneDrive
2018-01-31 18:38 - 2015-06-28 08:41 - 000002117 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-01-27 20:52 - 2017-01-18 00:06 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-27 19:50 - 2012-09-04 19:56 - 000000000 ____D C:\Users\Matt
2018-01-25 22:21 - 2012-09-04 19:57 - 000165024 _____ C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-25 10:15 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-01-24 23:05 - 2015-06-28 08:41 - 000002102 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-01-24 23:05 - 2015-06-28 08:41 - 000002102 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-01-24 23:05 - 2015-06-28 08:41 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2018-01-24 22:59 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-01-24 22:47 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-01-24 17:58 - 2012-12-08 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-01-24 17:50 - 2009-07-14 00:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-24 17:42 - 2012-06-15 11:38 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-24 17:42 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-24 17:27 - 2013-08-28 17:19 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2018-01-24 17:27 - 2012-09-04 20:20 - 000000000 ____D C:\Users\Matt\AppData\Local\Google
2018-01-24 17:25 - 2012-11-06 20:09 - 000000000 ____D C:\Program Files (x86)\DjVuZone
2018-01-24 17:25 - 2012-09-04 23:23 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-24 17:23 - 2012-09-20 16:04 - 000000000 ____D C:\Program Files (x86)\epson
2018-01-24 17:23 - 2012-06-15 10:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-24 17:05 - 2012-10-05 16:12 - 000000000 ___RD C:\Users\Matt\Podcasts
2018-01-24 17:03 - 2009-07-13 23:45 - 000572992 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-24 16:56 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2018-01-24 16:56 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
2018-01-24 16:52 - 2013-07-18 13:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-24 16:47 - 2017-11-14 20:53 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-24 16:47 - 2012-09-16 11:30 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-24 16:43 - 2011-02-10 11:10 - 000775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-24 16:06 - 2012-06-15 09:43 - 000000000 ____D C:\Users\UpdatusUser
2018-01-24 15:51 - 2009-07-13 21:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20180215-084637.backup
2018-01-24 07:13 - 2006-07-05 16:12 - 000186880 _____ (CEXX.ORG) C:\Users\Matt\Desktop\LSPFix.exe
2018-01-23 21:38 - 2010-11-21 02:16 - 000000000 ____D C:\Windows\ShellNew
2018-01-23 21:37 - 2012-09-20 10:34 - 000000000 ____D C:\ProgramData\Tarma Installer
2018-01-23 21:16 - 2017-01-18 00:08 - 000000000 ____D C:\ProgramData\Garmin
2018-01-23 21:16 - 2017-01-18 00:07 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-01-23 21:15 - 2017-07-04 11:29 - 000000000 ____D C:\Program Files (x86)\OpenTX
2018-01-23 21:13 - 2017-10-29 10:28 - 000000000 ____D C:\Users\Matt\AppData\Roaming\HTC
2018-01-23 21:13 - 2017-10-29 10:27 - 000000000 ____D C:\Users\Matt\AppData\Local\HTC MediaHub
2018-01-23 21:13 - 2017-10-29 10:26 - 000000000 ____D C:\ProgramData\HTC
2018-01-23 21:13 - 2017-10-29 10:23 - 000000000 ____D C:\Program Files (x86)\HTC
2018-01-23 21:11 - 2012-12-08 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2018-01-23 21:00 - 2017-07-29 18:11 - 000000000 ____D C:\Windows\Driver Cache
2018-01-23 20:44 - 2012-09-04 19:57 - 000000000 ____D C:\Users\Matt\AppData\Local\VirtualStore
2018-01-23 13:58 - 2010-11-20 22:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-21 16:41 - 2012-09-06 00:09 - 000000000 ____D C:\Users\Matt\.VirtualBox
2018-01-20 19:25 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-01-17 00:38 - 2018-01-15 20:26 - 000000000 ____D C:\Users\Matt\AppData\Roaming\FreeCAD
 
==================== Files in the root of some directories =======
 
2012-09-20 10:35 - 2012-09-20 10:35 - 000033958 _____ () C:\ProgramData\uninstaller.exe
2012-09-04 19:59 - 2012-09-04 20:10 - 000002610 _____ () C:\Users\Matt\AppData\Roaming\AbsoluteReminder.xml
2012-10-25 12:27 - 2012-11-29 13:56 - 000011776 _____ () C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-20 10:34 - 2012-09-20 10:34 - 000031465 _____ () C:\Users\Matt\AppData\Local\funmoods.crx
2013-09-07 12:36 - 2013-09-07 12:36 - 000000218 _____ () C:\Users\Matt\AppData\Local\recently-used.xbel
2018-01-24 16:09 - 2018-01-24 23:33 - 000007610 _____ () C:\Users\Matt\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2010-03-16 09:11 - 2010-03-16 09:11 - 000149352 ____R (Microsoft Corporation) C:\Users\Matt\AppData\Local\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-08 07:02
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Matt (15-02-2018 09:53:09)
Running from C:\Users\Matt\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-05 00:57:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-416811638-4231456509-3825418720-500 - Administrator - Disabled)
Guest (S-1-5-21-416811638-4231456509-3825418720-501 - Limited - Disabled)
Matt (S-1-5-21-416811638-4231456509-3825418720-1001 - Administrator - Enabled) => C:\Users\Matt
UpdatusUser (S-1-5-21-416811638-4231456509-3825418720-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0000-0102-0060B0CE6BBA}) (Version: 19.0.114.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0409-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English SP1.1 (HKLM\...\AutoCAD 2013 - English SP1.1) (Version: 1 - Autodesk)
AutoCAD 2013 Language Pack - English (HKLM\...\{5783F2D7-B001-0409-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\{FFF5619F-2013-0064-A85E-9994F70A9E5D}) (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}) (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (HKLM\...\{FE2F4875-095C-427C-9A97-4F8DE05ACF22}) (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.102.0 - Autodesk, Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{CC3BBF96-7A4C-4B1D-B34D-6AC88CE46C6C}) (Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
Computer-Aided Thermodynamic Tables 3 (HKLM-x32\...\Catt3) (Version:  - )
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.10.1 - DB Browser for SQLite Team)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.45.91 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Fences (HKLM\...\{10CD364B-FFCC-48BE-B469-B9622A033075}) (Version: 1.0 - Stardock Corporation) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Geant4 9.6 (HKLM-x32\...\Geant4 9.6) (Version: 9.6.1 - Geant4 Collaboration)
Google Chrome (HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gtk+ Runtime Environment 2.6.8-rc1 (HKLM-x32\...\Gtk+ Runtime Environment) (Version: 2.6.8-rc1 - )
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KingUpdater (HKLM-x32\...\{52ADEF6D-B288-4E6A-9B72-D77663B1220E}) (Version: 1.00.0000 - CenTech) Hidden
KingUpdater (HKLM-x32\...\InstallShield_{52ADEF6D-B288-4E6A-9B72-D77663B1220E}) (Version: 1.00.0000 - CenTech)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
MATLAB Student R2010a (HKLM-x32\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Maxima 5.26.0 (HKLM-x32\...\Maxima-5.26.0_is1) (Version: 5.26.0 - The Maxima Development Team)
MCNP DATA (HKLM-x32\...\{F64EEEF1-231C-48A0-8C2C-E9248D46BF51}) (Version: July 2011 - )
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9001.2138 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\{EA5BA1B6-38D7-4A8F-B623-8A587AF1D34F}) (Version: 2.03.03.002.17 - Novatel Wireless) Hidden
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.03.002.17 - Novatel Wireless)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Driver 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Python 2.7.8 (Anaconda 2.1.0 64-bit) (HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Python 2.7.8 (Anaconda 2.1.0 64-bit)) (Version: 2.1.0 - Continuum Analytics, Inc.) <==== ATTENTION
Python 3.2.3 (64-bit) (HKLM\...\{789C9644-9F82-44d3-B4CA-AC31F46F5883}) (Version: 3.2.3150 - Python Software Foundation)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.14.009 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6606 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0018 - ST Microelectronics)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
TiEmu 3.03 No Gdb (HKLM-x32\...\TiEmu3-gdb_is1) (Version:  - The TiEmu Team)
Virtual COM Port Driver (HKLM-x32\...\{9853299F-7AD8-4560-9896-60650BD8ACBF}) (Version: 1.3.1 - STMicroelectronics) Hidden
Virtual COM Port Driver (HKLM-x32\...\InstallShield_{9853299F-7AD8-4560-9896-60650BD8ACBF}) (Version: 1.3.1 - STMicroelectronics)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinEdt 8 (HKLM\...\WinEdt 8) (Version: 8.1 - WinEdt Team)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM-x32\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Zint (HKLM-x32\...\Zint) (Version: 2.4.3.0 - Robin Stuart & BogDan Vatra)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2012-02-06] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers1: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2010-06-22] (Stardock)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers4: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2010-06-22] (Stardock)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers5: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2010-06-22] (Stardock)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-14] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-02-25] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2010-06-22] (Stardock)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0542E9BC-C09B-4DEE-8008-E4FDFF74F86E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {0C819FFF-9D19-4E97-941E-E8D27083CE32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {177EDAEA-6B5A-4AC6-8EAE-9A66D647D9C3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-06] (Microsoft Corporation)
Task: {2B381812-F88D-4226-BB23-1A1A1A22E673} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {3C9EC03D-ECED-454A-891B-7FA564287565} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {4928A571-D878-4345-AAD5-89912D62B453} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\MATLAB\R2010a Student\MATLAB R2010a Student.lnk [Argument = -sd $documents\MATLAB -r "setenv('PATH', ['C:\GTK\bin;C:\MCNP\mcnp5\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\MATLAB\R2010a Student\bin']);"]
Task: {4D1520A5-7BCF-437F-9EB7-7B6107A4E523} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001Core => C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {53C08900-53D6-4FCD-9A48-F7C86C75F90E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {6043938C-EFB6-4C7F-A6C1-ECD319EAB533} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001UA => C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {88F313DB-83DA-4F17-9190-A11AA4E54F4E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001Core => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8F48800D-65A4-45AB-862B-585A24A5A75F} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {8F48800D-65A4-45AB-862B-585A24A5A75F} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {9E86C2B8-821D-4541-9338-4ABE97366476} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-06] (Intel)
Task: {A1C7A05D-D6A4-46F0-8DDC-A8152E4F6EDB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001UA => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AF3E0992-CE8D-40BB-8457-B37CC9E6438A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-02-06] (Microsoft Corporation)
Task: {B1C46434-EC47-401D-929A-D15AFE1CB1D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {BC6D28F1-2C64-4DAC-8993-708FAD7A442A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C22E433F-5553-401A-98E2-CF4E9FACE612} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {CA6863F1-B8E9-4F0D-B017-1ABB670B3F01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {D478B054-5047-43D0-AE24-0121789B50B1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-06] (Microsoft Corporation)
Task: {D9B1428F-3CAF-4FB2-A31C-0CD9A7953191} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {D9B1428F-3CAF-4FB2-A31C-0CD9A7953191} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {DA136E37-7B2F-4A35-955F-062C3BA6A65B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {E31C746D-0D1C-4461-9B07-768FA2742AAA} - System32\Tasks\{944A96DE-0ACF-4A76-B0C9-991E38F2169C} => C:\Windows\system32\pcalua.exe -a C:\Users\Matt\Downloads\VirtualBox-4.2.6-82870-Win.exe -d C:\Users\Matt\Downloads
Task: {EAE44E51-F575-4D1D-BA8A-C004EEABD30F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001Core.job => C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001UA.job => C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Anaconda Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\Matt\Anaconda\Scripts\anaconda.bat"
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Wakari (in the cloud).lnk -> C:\Users\Matt\Anaconda\pythonw.exe () -> -m webbrowser -t "hxxps://www.wakari.io/"
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Anaconda Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\Matt\Anaconda\Scripts\anaconda.bat"
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b2375b5d5fd7d5ac\Google Chrome.lnk -> C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-02 12:52 - 2014-12-02 12:52 - 000029184 _____ () C:\Windows\System32\ssm4mlm.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-24 20:35 - 2013-05-14 17:50 - 000140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-06-15 11:13 - 2012-02-14 11:53 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-05 15:28 - 2018-01-03 04:20 - 004063064 _____ () C:\Users\Matt\AppData\Local\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-05 15:28 - 2018-01-03 04:20 - 000099672 _____ () C:\Users\Matt\AppData\Local\Google\Chrome\Application\63.0.3239.132\libegl.dll
2014-10-16 00:48 - 2014-10-16 00:48 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2018-01-24 07:30 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-01-24 07:30 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2018-01-24 07:30 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-01-24 07:30 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2018-01-24 16:53 - 2018-01-24 16:53 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6673ce6dac4d89de35948e2f0390d97b\IsdiInterop.ni.dll
2012-06-15 10:03 - 2011-11-29 20:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-15 10:02 - 2012-02-01 16:44 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7936 more sites.
 
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1000\...\123simsen.com -> www.123simsen.com
 
There are 7936 more sites.
 
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\123simsen.com -> www.123simsen.com
 
There are 7936 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-02-15 08:46 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
 
There are 15600 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Epson Stylus NX430(Network) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\Matt\AppData\Local\Temp\E_SA26C.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{903EB530-EC6B-4E92-8313-350030BB38F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{205CD947-2F64-44E7-9AA8-AA8DF8DE795B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E4E3ECA7-C3ED-46E6-B87A-83E220700F86}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{83D692A5-A270-4BA4-849B-D0056C46A325}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{7297DFE7-7B49-4422-8D2A-842A55F8DAC3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F4E9575E-5FDE-4729-BA70-A75FCC3D4ECD}] => (Allow) LPort=2869
FirewallRules: [{D01DD5F3-318E-46BB-9A90-0FAB67E80153}] => (Allow) LPort=1900
FirewallRules: [{C44A25DF-9D30-4F76-A3EE-D7AF776561FA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F61D8032-ED5B-4B29-BB10-24EE955837E5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1B1D8426-2EE9-4F87-AADF-28D4B3871775}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EFB7590B-FF18-4B6C-84BC-C14AA96F5099}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3A43095E-38EE-412A-8A30-ABDB08386ABF}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{C157C923-459E-4AE5-892E-6805C9BCC5AF}C:\cygwin\bin\xwin.exe] => (Allow) C:\cygwin\bin\xwin.exe
FirewallRules: [UDP Query User{9B0CBC25-B723-48E2-BBA2-938B52BF18B1}C:\cygwin\bin\xwin.exe] => (Allow) C:\cygwin\bin\xwin.exe
FirewallRules: [{FFB24DC8-876E-4ADE-813A-A2248E819147}] => (Allow) C:\Users\Matt\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{93B6DDC4-2FC4-4F9B-9BB0-1B16884C3F18}] => (Allow) C:\Users\Matt\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{A42C1EA1-FC2F-4DC4-B6CC-71A58CC4D965}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{634B527B-1831-4FF0-AAD6-FB0145FE400B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CA8AAE0D-D50B-410B-B2B0-9051CF3FCF83}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{6510DB6A-B473-4FD9-BF4F-4A125B58E2B2}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{492DBD63-CD1D-49A0-8F0C-561A7878049E}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{06FC3735-1145-487F-92F8-DB060E0D30E4}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{7494DDC2-CA53-4F54-8670-DD8A775B84FE}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{B720DCEF-9EC8-4A0D-A5B7-DE32156C5978}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{6E368E32-9397-40AF-94B8-664D0EFD472B}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{546941A3-71F6-4F68-A6E1-FE44E4357A46}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{88386FAB-EEF4-4EE3-B4E7-2E031A0E69C2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{03614D0D-0806-4A8C-A364-2176971799CF}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{00E75FCC-F5D3-473B-A3A0-810FD99F2969}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33DB2689-4012-4252-8711-5479C5622189}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{2AEB2C53-DF8C-4B89-BD70-4FEE75872627}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{58046638-7BD3-4113-BA66-CF3F1C0C84F3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{FD2866F5-66D4-4C42-B15C-7D40E7347C8C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{77AAA06E-35F3-4616-9025-E70C6A0C64F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E62DD3F5-F6AB-4E0B-9C08-EA2B4F7FDC80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BE0C035-BDCA-4BA5-B039-605BD848E1AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F37F0384-00DA-445E-B2E8-9225F733DF04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{727ACEF8-F0F1-4818-924E-2E3F8A28062F}] => (Allow) C:\Users\Matt\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{CC93A81E-8E7E-4106-A7AF-A27473A1E004}C:\users\matt\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\matt\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{75653D10-8DB5-46FA-80E7-87C0D49A5292}C:\users\matt\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\matt\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{DB0D0C2D-7888-493F-A592-73084EED68A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C4268B03-CDD6-46B9-8D7A-051C35D5F009}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
09-02-2018 08:28:09 Scheduled Checkpoint
10-02-2018 07:37:18 Windows Update
13-02-2018 11:33:17 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2018 08:10:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RtkNGUI64.exe, version: 1.0.0.184, time stamp: 0x4f743b7d
Faulting module name: RtkNGUI64.exe, version: 1.0.0.184, time stamp: 0x4f743b7d
Exception code: 0xc0000005
Fault offset: 0x00000000000e7314
Faulting process id: 0x978
Faulting application start time: 0x01d3956665cb0a44
Faulting application path: C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
Faulting module path: C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
Report Id: 94d3b50c-1251-11e8-8c3a-c485080650fd
 
Error: (02/14/2018 05:59:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/13/2018 10:15:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).
 
Error: (02/13/2018 12:19:26 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/10/2018 09:11:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15101
 
Error: (02/10/2018 09:11:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15101
 
Error: (02/10/2018 09:11:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/10/2018 09:11:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14102
 
 
System errors:
=============
Error: (02/15/2018 09:28:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (02/15/2018 09:28:04 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (02/15/2018 09:23:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (02/15/2018 09:23:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (02/08/2018 04:31:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.261.885.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14500.5
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (02/08/2018 11:34:28 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/08/2018 06:04:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (02/01/2018 09:21:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 58%
Total physical RAM: 6568.31 MB
Available physical RAM: 2723.36 MB
Total Virtual: 13134.79 MB
Available Virtual: 8384.51 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:223.73 GB) (Free:27.56 GB) NTFS
 
\\?\Volume{17d9f959-b708-11e1-bf4c-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:18.25 GB) (Free:5.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 34D08F9A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223.7 GB) - (Type=05)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 34D08FB2)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:47 PM

Posted 15 February 2018 - 01:07 PM

nuclearmatt:

 
 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 nuclearmatt

nuclearmatt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:07:47 PM

Posted 15 February 2018 - 01:24 PM

Absolutely, my name is Matt.

 

Thank you so much for the help Phil, I won't run any scans, or make any changes until I hear from you again.

 

 

Very Respecfully,

 

Matt


Edited by nuclearmatt, 15 February 2018 - 01:25 PM.


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:47 PM

Posted 15 February 2018 - 01:29 PM

Matt:

 

Thank you for your post and for permission to address you by your first name.

 

I am analyzing your FRST logs now.  I hope to post to you later today; but, if not today, tomorrow for sure.  Sometimes "real life" gets in the way! :(

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:47 PM

Posted 15 February 2018 - 02:57 PM

Matt:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: The logs show that Spybot Search & Destroy is installed on your computer. You should read this post by quietman7, one of the foremost computer security experts here at Bleeping Computer. Personally, I would not have this program on my computer. I would recommend that you uninstall it, but it is your computer. Please let me know what you decide to do. If you do uninstall it, later on I will ask for another set of FRST logs to ensure that no remnants of it are showing up in the new FRST scan logs.

.

:step2: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> {352EC60E-97B3-4B61-A2CE-93917A40BDC5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=18A4ACA3-D004-4227-A9B1-DBE41A8F7161&apn_sauid=E0D0A3EC-EFE0-4124-8DC8-D17C7BBC3C40
Toolbar: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
File: C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
2012-09-20 10:34 - 2012-09-20 10:34 - 000031465 _____ () C:\Users\Matt\AppData\Local\funmoods.crx
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
File: C:\cygwin\bin\xwin.exe
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 nuclearmatt

nuclearmatt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:07:47 PM

Posted 15 February 2018 - 09:01 PM

Phil,

 

As per your recommendation, I uninstalled Spybot Search & Destroy. I then restarted my computer, copied the code block you provided me and ran FRST64 as an Administrator, then rebooted my computer as prompted.

 

Thank you again for your help, I truly do appreciate the time you take out to do this.

 

 

Here is the Fixlog generated:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Matt (15-02-2018 20:39:17) Run:1
Running from C:\Users\Matt\Desktop\SecurityTools
Loaded Profiles: Matt (Available Profiles: UpdatusUser & Matt)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> {352EC60E-97B3-4B61-A2CE-93917A40BDC5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=18A4ACA3-D004-4227-A9B1-DBE41A8F7161&apn_sauid=E0D0A3EC-EFE0-4124-8DC8-D17C7BBC3C40
Toolbar: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Matt\AppData\Local\funmoods.crx [2012-09-20]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
File: C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
2012-09-20 10:34 - 2012-09-20 10:34 - 000031465 _____ () C:\Users\Matt\AppData\Local\funmoods.crx
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
File: C:\cygwin\bin\xwin.exe
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{352EC60E-97B3-4B61-A2CE-93917A40BDC5}" => removed successfully
HKLM\Software\Classes\CLSID\{352EC60E-97B3-4B61-A2CE-93917A40BDC5} => invalid subkey removed.
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" => removed successfully
C:\Users\Matt\AppData\Local\funmoods.crx => moved successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" => removed successfully
"C:\Users\Matt\AppData\Local\funmoods.crx" => not found
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" => removed successfully
"C:\Users\Matt\AppData\Local\funmoods.crx" => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccjleegmemocfpghkhpjmiccjcacackp" => removed successfully
 
========================= File: C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe ========================
 
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
File is digitally signed
MD5: BB15D361B629F50680894BFE78047D59
Creation and modification date: 2012-09-04 20:21 - 2018-01-03 04:20
Size: 001592664
Attributes: ----A
Company Name: Google Inc.
Internal Name: chrome_exe
Original Name: chrome.exe
Product: Google Chrome
Description: Google Chrome
File Version: 63.0.3239.132
Product Version: 63.0.3239.132
Copyright: Copyright 2016 Google Inc. All rights reserved.
 
====== End of File: ======
 
"C:\Users\Matt\AppData\Local\funmoods.crx" => not found
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => removed successfully
"HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => removed successfully
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found
 
========================= File: C:\cygwin\bin\xwin.exe ========================
 
C:\cygwin\bin\xwin.exe
File not signed
MD5: DDDC672CACA6593A44C48274609BF4D9
Creation and modification date: 2013-03-28 20:34 - 2013-03-09 14:12
Size: 002167325
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37269952 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2368910 B
Edge => 0 B
Chrome => 732936636 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83391 B
systemprofile32 => 8659113 B
LocalService => 0 B
NetworkService => 142654832 B
UpdatusUser => 0 B
Matt => 154677393 B
 
RecycleBin => 252948 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:43:02 ====


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:47 PM

Posted 16 February 2018 - 12:24 PM

Matt:
 
Thank you for your post and for the copying and pasting the FRST "fixlog.txt" into your reply.  Looks good! :thumbup2:

Thank you also for your kind words. They are very much appreciated. A lot of people don't take time to thank us for volunteering our time, so I thank you for doing so!
 
As good as the FRST is, it does not detect all forms of malware, so I would like you to run some standard anti-malware scans for me.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended).
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

:step3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Thank you and have a great weekend. :)

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#8 nuclearmatt

nuclearmatt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:07:47 PM

Posted 17 February 2018 - 06:25 PM

Phil,

 

I've completed the required scans, with one small variance; The first time I ran ESET I had forgotten to select "Scan Archives", so I let the first scan finish, removed the items it found, rebooted the computer, and then ran ESET again with ALL of the correct options you specified. Fortunately it turned up nothing the second time around, so the log I'm pasting into this reply is from the first time I ran ESET, so you can see what was found initially.

 

All other instructions went smoothly, I hope your weekend is going well!

 

 

 

ESET LOG:

 

C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting
 
 
MALWAREBYTES LOG:
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/17/18
Scan Time: 5:25 PM
Log File: 6816af98-1431-11e8-a65c-c485080650fd.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3982
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Plasmonics\Matt
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321043
Threats Detected: 82
Threats Quarantined: 82
Time Elapsed: 22 min, 11 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 64
PUP.Optional.WeCare, HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\wecarereminder, Quarantined, [3286], [190417],1.0.3982
Adware.Yontoo, HKLM\SOFTWARE\Tarma Installer, Quarantined, [136], [382206],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore, Quarantined, [3343], [168018],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1, Quarantined, [3343], [168018],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, Quarantined, [3343], [168018],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, Quarantined, [3343], [168018],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [3343], [168014],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd, Quarantined, [3343], [168017],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd.1, Quarantined, [3343], [168017],1.0.3982
PUP.Optional.FunMoods, HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [3343], [168017],1.0.3982
PUP.Optional.FunMoods, HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [3343], [168017],1.0.3982
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [3286], [169016],1.0.3982
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [3286], [169016],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\f, Quarantined, [3343], [168021],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, Quarantined, [3343], [168021],1.0.3982
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, Quarantined, [3343], [168021],1.0.3982
Adware.1ClickDownload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, Quarantined, [9908], [169918],1.0.3982
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, Quarantined, [9908], [169918],1.0.3982
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, Quarantined, [9908], [169918],1.0.3982
PUP.Optional.TopArcadeHits, HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [3262], [168916],1.0.3982
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 8
PUP.Optional.FunMoods, C:\Users\Matt\AppData\LocalLow\Funmoods\Funmoods\us\20101003, Quarantined, [3343], [177353],1.0.3982
PUP.Optional.FunMoods, C:\Users\Matt\AppData\LocalLow\Funmoods\Funmoods\us, Quarantined, [3343], [177353],1.0.3982
PUP.Optional.FunMoods, C:\Users\Matt\AppData\LocalLow\Funmoods\Funmoods, Quarantined, [3343], [177353],1.0.3982
PUP.Optional.FunMoods, C:\USERS\MATT\APPDATA\LOCALLOW\FUNMOODS, Quarantined, [3343], [177353],1.0.3982
PUP.Optional.WeCare, C:\PROGRAMDATA\WECAREREMINDER, Quarantined, [3286], [180446],1.0.3982
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Cache, Quarantined, [30], [181476],1.0.3982
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}, Quarantined, [30], [181476],1.0.3982
PUP.Optional.Yontoo, C:\PROGRAMDATA\TARMA INSTALLER, Quarantined, [30], [181476],1.0.3982
 
File: 10
PUP.Optional.FunMoods, C:\Users\Matt\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat, Quarantined, [3343], [177353],1.0.3982
PUP.Optional.FunMoods, C:\Users\Matt\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr, Quarantined, [3343], [177353],1.0.3982
PUP.Optional.WeCare, C:\ProgramData\WeCareReminder\aspca.bmp, Quarantined, [3286], [180446],1.0.3982
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat, Quarantined, [30], [181476],1.0.3982
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe, Quarantined, [30], [181476],1.0.3982
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico, Quarantined, [30], [181476],1.0.3982
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll, Quarantined, [30], [181476],1.0.3982
PUP.Optional.Yontoo, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [30], [-1],0.0.0
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [30], [-1],0.0.0
PUP.Optional.WeCare, C:\PROGRAMDATA\READONLYINSTALLER.MSI, Quarantined, [3286], [8804],1.0.3982
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
ADW CLEANER C0 LOG:
 
# AdwCleaner 7.0.8.0 - Logfile created on Sat Feb 17 23:08:03 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Ask
Deleted: C:\ProgramData\Application Data\Ask
Deleted: C:\Users\All Users\Ask
 
 
***** [ Files ] *****
 
Deleted: C:\ProgramData\uninstaller.exe
Deleted: C:\ProgramData\Application Data\uninstaller.exe
Deleted: C:\Users\All Users\uninstaller.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Deleted: [Key] - HKLM\SOFTWARE\MimarSinan
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [4282 B] - [2018/2/17 23:5:42]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:47 PM

Posted 18 February 2018 - 06:56 AM

Matt:

 

Thank you for running those scans and for the logs.  A lot of "junk" was removed.  No serious malware was found, which is good news! :thumbup2:

 

OK, we have some housecleaning to do, because I did see some other non-malware issues in your first set of logs, but we will do that after I examine a new set of logs.

 

.

 

:step1: Thank you for uninstalling Spybot Search & Destroy.  As promised, I would like to get a fresh set of FRST logs to ensure that all of the remnants of that program were removed by its uninstaller.  Please run a FRST scan again for me.  Copy and paste the contents of the logs (FRST.txt and Addition.txt) into your next reply.

 

.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#10 nuclearmatt

nuclearmatt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:07:47 PM

Posted 18 February 2018 - 09:07 AM

Phil,

 

Sweet! This is excellent news to me. When we complete going through the remainder of your instructions, I would definitely appreciate any recommendations moving forward in terms of tools and software that would be prudent to have to keep protected. Thank you!

 

Here's my new set of logs:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by Matt (administrator) on PLASMONICS (18-02-2018 08:50:20)
Running from C:\Users\Matt\Desktop\SecurityTools
Loaded Profiles: Matt (Available Profiles: UpdatusUser & Matt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871056 2012-04-12] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5727392 2012-01-19] (Dell Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [418280 2012-07-25] (Autodesk, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-09-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Run: [Google Update] => C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\MountPoints2: {cd603e92-2639-11e5-b93f-c485080650fd} - D:\LiteAuto.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-02-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-26] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3E1AC35A-EDD0-46CE-9177-E5C831C5C7C8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A6E28D48-CDE9-4C6D-B50E-3AFF55B23817}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> DefaultScope {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> {98889E97-0409-40C6-AD5E-A9FDD3C6547C} URL = hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-02-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-02-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-416811638-4231456509-3825418720-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2018-01-11] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll [2011-10-03] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-416811638-4231456509-3825418720-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-416811638-4231456509-3825418720-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> msn.com
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR DefaultSuggestURL: Profile 2 -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-02-18]
CHR Extension: (Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-23]
CHR Extension: (Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-23]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-23]
CHR Extension: (Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-24]
CHR Extension: (AdBlock) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-23]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-15]
CHR HKU\S-1-5-21-416811638-4231456509-3825418720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matt\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-14]
StartMenuInternet: Google Chrome.YYZXVGEL4WR5CPE25TD4YVPPOU - C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968432 2018-01-30] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [862336 2013-12-18] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S1 DhaHelper; C:\Windows\SysWOW64\drivers\dhahelper.sys [7168 2009-05-08] (MPlayer <hxxp://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-17] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-18] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 MpKslbab28f56; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9946DF37-9A99-46B7-9134-004DA4DC6568}\MpKslbab28f56.sys [58120 2018-02-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-02-23] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-02-23] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-02-23] (Novatel Wireless Inc.)
S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [24848 2012-04-12] (Synaptics Incorporated)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [24848 2012-04-12] (Synaptics Incorporated)
S3 STTub30; C:\Windows\System32\Drivers\STTub30.sys [44184 2012-07-09] (STMicroelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 usbser; C:\Windows\SysWOW64\DRIVERS\usbser.sys [32768 2013-11-11] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-17 18:03 - 2018-02-17 18:08 - 000000000 ____D C:\AdwCleaner
2018-02-17 17:23 - 2018-02-17 17:23 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-17 17:22 - 2018-02-18 05:16 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-17 17:22 - 2018-02-18 01:16 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-17 17:22 - 2018-02-17 18:12 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-17 17:22 - 2018-02-17 17:22 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-17 17:22 - 2018-02-17 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-17 17:22 - 2018-02-17 17:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-17 17:22 - 2018-02-17 17:22 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-17 17:22 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-17 12:28 - 2018-02-17 20:46 - 026071040 _____ C:\Users\Matt\Desktop\FacilitiesDatabaseMcIntyreV4.accdb
2018-02-17 12:03 - 2018-02-17 17:20 - 000000000 ____D C:\Users\Matt\Desktop\IconSets
2018-02-17 11:32 - 2018-02-17 11:32 - 005819581 _____ C:\Users\Matt\Downloads\quadrates_2_by_msergt-d4oegs0.rar
2018-02-17 11:31 - 2018-02-17 11:32 - 034252179 _____ C:\Users\Matt\Downloads\metro_ui_icon_set___725_icons_by_dakirby309-d4n4w3q.zip
2018-02-16 18:23 - 2018-02-17 12:28 - 026071040 _____ C:\Users\Matt\Desktop\FacilitiesDatabaseMcIntyreV3.accdb
2018-02-16 15:02 - 2018-02-16 15:02 - 000509032 _____ C:\Users\Matt\Desktop\Physical Inventory Tracker (NEW).xlsx
2018-02-15 10:38 - 2018-02-18 08:50 - 000000000 ___RD C:\Users\Matt\Desktop\SecurityTools
2018-02-15 09:51 - 2018-02-18 08:50 - 000000000 ____D C:\FRST
2018-02-15 08:56 - 2018-02-15 08:56 - 000000000 ____D C:\Users\Matt\Desktop\MCINTYRE TAXES 2017
2018-02-15 07:47 - 2018-02-15 07:49 - 121337803 _____ C:\Users\Matt\Desktop\Fixing Access Annoyances.pdf
2018-02-10 09:00 - 2018-02-17 09:13 - 000000000 ____D C:\Users\Matt\Desktop\TestFolder
2018-02-10 07:44 - 2018-02-16 18:22 - 026071040 _____ C:\Users\Matt\Desktop\FacilitiesDatabaseMcIntyreV2.accdb
2018-02-09 12:52 - 2018-02-09 17:47 - 000111110 _____ C:\Users\Matt\Desktop\newbook.xlsx
2018-02-08 15:06 - 2018-02-16 17:07 - 026071040 _____ C:\Users\Matt\Desktop\FacilitiesDatabaseMcIntyreV1.accdb
2018-02-08 15:06 - 2018-02-08 20:09 - 000789005 _____ C:\Users\Matt\Desktop\Physical Inventory Tracker LATEST.xlsx
2018-02-08 06:09 - 2018-02-08 06:28 - 000193432 _____ C:\Users\Matt\Desktop\McIntyreInfoCard.pdf
2018-02-05 21:44 - 2018-02-05 21:44 - 000001523 _____ C:\Users\Matt\Documents\LineItemSearchForm.html
2018-02-01 07:06 - 2018-02-01 07:06 - 000128244 _____ C:\Users\Matt\Desktop\Navy_reading_your_LES.pdf
2018-01-27 20:50 - 2018-01-27 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2018-01-27 20:50 - 2018-01-27 20:50 - 000000000 ____D C:\Program Files\DB Browser for SQLite
2018-01-27 18:45 - 2018-01-27 21:44 - 000000000 ____D C:\Users\Matt\Desktop\sqlite_databases
2018-01-27 18:39 - 2018-01-27 18:41 - 000000000 ____D C:\SQLite3
2018-01-26 09:36 - 2018-02-07 21:38 - 002379919 _____ C:\Users\Matt\Desktop\Python For Data.pdf
2018-01-26 08:27 - 2018-01-31 18:39 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-416811638-4231456509-3825418720-1001
2018-01-24 23:01 - 2018-01-24 23:01 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-01-24 23:01 - 2018-01-24 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-01-24 23:00 - 2018-02-09 07:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-24 22:47 - 2018-01-24 22:47 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-24 17:15 - 2016-07-22 09:58 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2018-01-24 17:15 - 2016-07-22 09:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2018-01-24 17:08 - 2018-02-13 11:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-01-24 16:41 - 2017-12-29 03:39 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-24 16:40 - 2017-12-31 21:21 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-24 16:40 - 2017-12-31 21:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-24 16:40 - 2017-12-31 21:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-24 16:40 - 2017-12-31 21:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-01-24 16:40 - 2017-12-31 21:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-01-24 16:40 - 2017-12-31 21:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-01-24 16:40 - 2017-12-31 21:19 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-24 16:40 - 2017-12-31 21:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-24 16:40 - 2017-12-31 21:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-01-24 16:40 - 2017-12-31 21:18 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-01-24 16:40 - 2017-12-31 21:18 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-24 16:40 - 2017-12-31 21:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 21:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-01-24 16:40 - 2017-12-31 21:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-24 16:40 - 2017-12-31 21:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-24 16:40 - 2017-12-31 21:02 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-01-24 16:40 - 2017-12-31 21:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-01-24 16:40 - 2017-12-31 21:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-01-24 16:40 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-24 16:40 - 2017-12-31 20:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-24 16:40 - 2017-12-31 20:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-24 16:40 - 2017-12-31 20:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-24 16:40 - 2017-12-31 20:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-24 16:40 - 2017-12-31 20:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-01-24 16:40 - 2017-12-31 20:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-01-24 16:40 - 2017-12-31 20:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-24 16:40 - 2017-12-31 20:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-24 16:40 - 2017-12-31 20:49 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-01-24 16:40 - 2017-12-31 20:49 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-01-24 16:40 - 2017-12-31 20:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-24 16:40 - 2017-12-31 20:49 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-01-24 16:40 - 2017-12-31 20:46 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-24 16:40 - 2017-12-31 20:45 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-01-24 16:40 - 2017-12-31 20:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-01-24 16:40 - 2017-12-31 20:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-01-24 16:40 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-01-24 16:40 - 2017-12-31 20:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-24 16:40 - 2017-12-31 20:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-24 16:40 - 2017-12-31 20:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-24 16:40 - 2017-12-31 20:42 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-24 16:40 - 2017-12-31 20:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-24 16:40 - 2017-12-31 20:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-01-24 16:40 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-01-24 16:40 - 2017-12-31 20:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-01-24 16:40 - 2017-12-31 20:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-01-24 16:40 - 2017-12-31 20:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-01-24 16:40 - 2017-12-31 20:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-01-24 16:40 - 2017-12-31 20:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-01-24 16:40 - 2017-12-31 20:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-01-24 16:40 - 2017-12-31 20:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-01-24 16:40 - 2017-12-31 20:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-01-24 16:40 - 2017-12-30 02:29 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-24 16:40 - 2017-12-30 01:42 - 000347328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-24 16:40 - 2017-12-29 13:39 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-24 16:40 - 2017-12-29 13:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-01-24 16:40 - 2017-12-29 13:13 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-24 16:40 - 2017-12-29 13:13 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-01-24 16:40 - 2017-12-29 13:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-24 16:40 - 2017-12-29 13:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-01-24 16:40 - 2017-12-29 13:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-01-24 16:40 - 2017-12-29 13:09 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-24 16:40 - 2017-12-29 13:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-01-24 16:40 - 2017-12-29 13:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-01-24 16:40 - 2017-12-29 13:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-24 16:40 - 2017-12-29 13:03 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-24 16:40 - 2017-12-29 13:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-24 16:40 - 2017-12-29 13:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-01-24 16:40 - 2017-12-29 12:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-24 16:40 - 2017-12-29 12:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-01-24 16:40 - 2017-12-29 12:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-01-24 16:40 - 2017-12-29 12:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-01-24 16:40 - 2017-12-29 12:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-01-24 16:40 - 2017-12-29 12:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-01-24 16:40 - 2017-12-29 12:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-24 16:40 - 2017-12-29 12:45 - 004508160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-24 16:40 - 2017-12-29 12:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-01-24 16:40 - 2017-12-29 12:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-24 16:40 - 2017-12-29 12:38 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-24 16:40 - 2017-12-29 12:38 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-24 16:40 - 2017-12-29 12:37 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-24 16:40 - 2017-12-29 12:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-01-24 16:40 - 2017-12-29 12:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-24 16:40 - 2017-12-29 12:15 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-24 16:40 - 2017-12-29 12:13 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-24 16:40 - 2017-12-29 04:15 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-24 16:40 - 2017-12-29 04:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-01-24 16:40 - 2017-12-29 04:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-01-24 16:40 - 2017-12-29 03:52 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-24 16:40 - 2017-12-29 03:51 - 005796352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-24 16:40 - 2017-12-29 03:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-01-24 16:40 - 2017-12-29 03:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-24 16:40 - 2017-12-29 03:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-24 16:40 - 2017-12-29 03:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-01-24 16:40 - 2017-12-29 03:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-24 16:40 - 2017-12-29 03:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-01-24 16:40 - 2017-12-29 03:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-01-24 16:40 - 2017-12-29 03:40 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-24 16:40 - 2017-12-29 03:39 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-24 16:40 - 2017-12-29 03:39 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-24 16:40 - 2017-12-29 03:39 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-01-24 16:40 - 2017-12-29 03:32 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-24 16:40 - 2017-12-29 03:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-24 16:40 - 2017-12-29 03:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-01-24 16:40 - 2017-12-29 03:22 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-24 16:40 - 2017-12-29 03:21 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-24 16:40 - 2017-12-29 03:18 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-24 16:40 - 2017-12-29 03:18 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-24 16:40 - 2017-12-29 03:16 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-24 16:40 - 2017-12-29 03:14 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-01-24 16:40 - 2017-12-29 03:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-24 16:40 - 2017-12-29 03:04 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-24 16:40 - 2017-12-29 03:03 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-24 16:40 - 2017-12-29 03:03 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-24 16:40 - 2017-12-29 03:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-24 16:40 - 2017-12-29 03:01 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-01-24 16:40 - 2017-12-29 02:50 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-24 16:40 - 2017-12-29 02:39 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-24 16:40 - 2017-12-29 02:27 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-24 16:40 - 2017-12-21 01:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-24 16:40 - 2017-12-13 11:31 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-24 16:40 - 2017-12-13 11:27 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-24 16:40 - 2017-12-13 11:27 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-24 16:40 - 2017-12-13 11:27 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-01-24 16:40 - 2017-12-13 11:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-01-24 16:40 - 2017-12-13 11:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-24 16:40 - 2017-12-13 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-24 16:40 - 2017-12-13 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-01-24 16:40 - 2017-12-13 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-01-24 16:40 - 2017-12-13 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-24 16:40 - 2017-12-05 12:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-01-24 16:40 - 2017-12-05 12:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-01-24 16:40 - 2017-12-05 12:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-01-24 16:40 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-01-24 16:40 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-01-24 16:40 - 2017-12-05 10:59 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-24 16:40 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-01-24 16:40 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-01-24 16:40 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-01-24 16:40 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-01-24 16:40 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-01-24 16:40 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-01-24 16:40 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-01-24 16:40 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2018-01-24 16:40 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2018-01-24 16:40 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2018-01-24 16:40 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2018-01-24 16:40 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2018-01-24 16:40 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2018-01-24 16:40 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2018-01-24 16:40 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2018-01-24 16:40 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2018-01-24 16:40 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2018-01-24 16:40 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-24 16:31 - 2018-01-24 16:31 - 000000000 ____D C:\Users\Matt\Documents\ProcAlyzer Dumps
2018-01-24 16:25 - 2018-02-16 19:58 - 000000000 ____D C:\Users\Matt\Desktop\628 CES
2018-01-24 16:17 - 2018-02-15 10:41 - 000000000 ____D C:\Users\Matt\Desktop\old
2018-01-24 16:09 - 2018-01-24 23:33 - 000007610 _____ C:\Users\Matt\AppData\Local\resmon.resmoncfg
2018-01-24 15:51 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20180124-155142.backup
2018-01-24 11:26 - 2018-02-15 20:32 - 000000208 _____ C:\Windows\wininit.ini
2018-01-24 07:31 - 2018-01-24 07:31 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-01-24 07:30 - 2018-02-15 20:33 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-24 07:30 - 2018-02-15 20:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-23 21:13 - 2018-01-23 21:13 - 000000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2018-01-23 21:09 - 2018-02-09 07:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-22 13:50 - 2018-01-27 18:09 - 001217536 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2018-01-22 13:50 - 2018-01-27 18:09 - 000005506 _____ C:\Windows\system32\sqlite3.def
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-18 07:55 - 2012-09-04 22:50 - 000000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001UA.job
2018-02-18 06:21 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-18 06:21 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-17 22:55 - 2012-09-04 22:50 - 000000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001Core.job
2018-02-17 18:16 - 2009-07-14 00:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-17 18:16 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-02-17 18:09 - 2012-06-15 11:38 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-17 18:09 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-15 20:42 - 2015-06-15 13:10 - 000000000 ____D C:\Users\Matt\AppData\LocalLow\Temp
2018-02-15 20:34 - 2009-07-13 23:45 - 000582192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-07 21:37 - 2015-03-12 21:16 - 000000000 ____D C:\Users\Matt\.spyder2
2018-02-06 19:49 - 2013-07-09 13:47 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 19:49 - 2012-06-15 09:46 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 19:49 - 2012-06-15 09:46 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 19:48 - 2012-06-15 09:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 19:48 - 2012-06-15 09:46 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-05 21:52 - 2015-12-05 00:01 - 000000000 ____D C:\Users\Matt\Documents\2015 END
2018-02-05 21:51 - 2016-05-11 08:39 - 000000000 ____D C:\Users\Matt\Documents\New folder
2018-02-04 19:21 - 2015-01-21 10:41 - 000000000 ____D C:\Users\Matt\Documents\Python Scripts
2018-02-02 15:58 - 2015-03-12 21:15 - 000000000 ____D C:\Users\Matt\.matplotlib
2018-02-01 07:09 - 2016-03-24 20:35 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-01-31 18:39 - 2015-06-28 08:41 - 000000000 ___RD C:\Users\Matt\OneDrive
2018-01-31 18:38 - 2015-06-28 08:41 - 000002117 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-01-27 20:52 - 2017-01-18 00:06 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-27 19:50 - 2012-09-04 19:56 - 000000000 ____D C:\Users\Matt
2018-01-25 22:21 - 2012-09-04 19:57 - 000165024 _____ C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-25 10:15 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-01-24 23:05 - 2015-06-28 08:41 - 000002102 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-01-24 23:05 - 2015-06-28 08:41 - 000002102 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-01-24 23:05 - 2015-06-28 08:41 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2018-01-24 22:47 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-01-24 17:58 - 2012-12-08 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-01-24 17:27 - 2013-08-28 17:19 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2018-01-24 17:27 - 2012-09-04 20:20 - 000000000 ____D C:\Users\Matt\AppData\Local\Google
2018-01-24 17:25 - 2012-11-06 20:09 - 000000000 ____D C:\Program Files (x86)\DjVuZone
2018-01-24 17:25 - 2012-09-04 23:23 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-24 17:23 - 2012-09-20 16:04 - 000000000 ____D C:\Program Files (x86)\epson
2018-01-24 17:23 - 2012-06-15 10:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-24 17:05 - 2012-10-05 16:12 - 000000000 ___RD C:\Users\Matt\Podcasts
2018-01-24 16:56 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2018-01-24 16:56 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
2018-01-24 16:52 - 2013-07-18 13:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-24 16:47 - 2017-11-14 20:53 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-24 16:47 - 2012-09-16 11:30 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-24 16:43 - 2011-02-10 11:10 - 000775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-24 16:06 - 2012-06-15 09:43 - 000000000 ____D C:\Users\UpdatusUser
2018-01-24 15:51 - 2009-07-13 21:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20180215-084637.backup
2018-01-23 21:38 - 2010-11-21 02:16 - 000000000 ____D C:\Windows\ShellNew
2018-01-23 21:16 - 2017-01-18 00:08 - 000000000 ____D C:\ProgramData\Garmin
2018-01-23 21:16 - 2017-01-18 00:07 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-01-23 21:15 - 2017-07-04 11:29 - 000000000 ____D C:\Program Files (x86)\OpenTX
2018-01-23 21:13 - 2017-10-29 10:28 - 000000000 ____D C:\Users\Matt\AppData\Roaming\HTC
2018-01-23 21:13 - 2017-10-29 10:27 - 000000000 ____D C:\Users\Matt\AppData\Local\HTC MediaHub
2018-01-23 21:13 - 2017-10-29 10:26 - 000000000 ____D C:\ProgramData\HTC
2018-01-23 21:13 - 2017-10-29 10:23 - 000000000 ____D C:\Program Files (x86)\HTC
2018-01-23 21:11 - 2012-12-08 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2018-01-23 21:00 - 2017-07-29 18:11 - 000000000 ____D C:\Windows\Driver Cache
2018-01-23 20:44 - 2012-09-04 19:57 - 000000000 ____D C:\Users\Matt\AppData\Local\VirtualStore
2018-01-23 13:58 - 2010-11-20 22:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-21 16:41 - 2012-09-06 00:09 - 000000000 ____D C:\Users\Matt\.VirtualBox
2018-01-20 19:25 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
 
==================== Files in the root of some directories =======
 
2012-09-04 19:59 - 2012-09-04 20:10 - 000002610 _____ () C:\Users\Matt\AppData\Roaming\AbsoluteReminder.xml
2012-10-25 12:27 - 2012-11-29 13:56 - 000011776 _____ () C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-07 12:36 - 2013-09-07 12:36 - 000000218 _____ () C:\Users\Matt\AppData\Local\recently-used.xbel
2018-01-24 16:09 - 2018-01-24 23:33 - 000007610 _____ () C:\Users\Matt\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-17 00:55
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Matt (18-02-2018 08:51:43)
Running from C:\Users\Matt\Desktop\SecurityTools
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-05 00:57:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-416811638-4231456509-3825418720-500 - Administrator - Disabled)
Guest (S-1-5-21-416811638-4231456509-3825418720-501 - Limited - Disabled)
Matt (S-1-5-21-416811638-4231456509-3825418720-1001 - Administrator - Enabled) => C:\Users\Matt
UpdatusUser (S-1-5-21-416811638-4231456509-3825418720-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0000-0102-0060B0CE6BBA}) (Version: 19.0.114.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0409-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English SP1.1 (HKLM\...\AutoCAD 2013 - English SP1.1) (Version: 1 - Autodesk)
AutoCAD 2013 Language Pack - English (HKLM\...\{5783F2D7-B001-0409-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\{FFF5619F-2013-0064-A85E-9994F70A9E5D}) (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}) (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (HKLM\...\{FE2F4875-095C-427C-9A97-4F8DE05ACF22}) (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.102.0 - Autodesk, Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{CC3BBF96-7A4C-4B1D-B34D-6AC88CE46C6C}) (Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
Computer-Aided Thermodynamic Tables 3 (HKLM-x32\...\Catt3) (Version:  - )
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.10.1 - DB Browser for SQLite Team)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.45.91 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Fences (HKLM\...\{10CD364B-FFCC-48BE-B469-B9622A033075}) (Version: 1.0 - Stardock Corporation) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Geant4 9.6 (HKLM-x32\...\Geant4 9.6) (Version: 9.6.1 - Geant4 Collaboration)
Google Chrome (HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gtk+ Runtime Environment 2.6.8-rc1 (HKLM-x32\...\Gtk+ Runtime Environment) (Version: 2.6.8-rc1 - )
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KingUpdater (HKLM-x32\...\{52ADEF6D-B288-4E6A-9B72-D77663B1220E}) (Version: 1.00.0000 - CenTech) Hidden
KingUpdater (HKLM-x32\...\InstallShield_{52ADEF6D-B288-4E6A-9B72-D77663B1220E}) (Version: 1.00.0000 - CenTech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
MATLAB Student R2010a (HKLM-x32\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Maxima 5.26.0 (HKLM-x32\...\Maxima-5.26.0_is1) (Version: 5.26.0 - The Maxima Development Team)
MCNP DATA (HKLM-x32\...\{F64EEEF1-231C-48A0-8C2C-E9248D46BF51}) (Version: July 2011 - )
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9001.2138 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\{EA5BA1B6-38D7-4A8F-B623-8A587AF1D34F}) (Version: 2.03.03.002.17 - Novatel Wireless) Hidden
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.03.002.17 - Novatel Wireless)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Driver 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Python 2.7.8 (Anaconda 2.1.0 64-bit) (HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\Python 2.7.8 (Anaconda 2.1.0 64-bit)) (Version: 2.1.0 - Continuum Analytics, Inc.) <==== ATTENTION
Python 3.2.3 (64-bit) (HKLM\...\{789C9644-9F82-44d3-B4CA-AC31F46F5883}) (Version: 3.2.3150 - Python Software Foundation)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.14.009 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6606 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0018 - ST Microelectronics)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
TiEmu 3.03 No Gdb (HKLM-x32\...\TiEmu3-gdb_is1) (Version:  - The TiEmu Team)
Virtual COM Port Driver (HKLM-x32\...\{9853299F-7AD8-4560-9896-60650BD8ACBF}) (Version: 1.3.1 - STMicroelectronics) Hidden
Virtual COM Port Driver (HKLM-x32\...\InstallShield_{9853299F-7AD8-4560-9896-60650BD8ACBF}) (Version: 1.3.1 - STMicroelectronics)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinEdt 8 (HKLM\...\WinEdt 8) (Version: 8.1 - WinEdt Team)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM-x32\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Zint (HKLM-x32\...\Zint) (Version: 2.4.3.0 - Robin Stuart & BogDan Vatra)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-416811638-4231456509-3825418720-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2012-02-06] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers1: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2010-06-22] (Stardock)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers4: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2010-06-22] (Stardock)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers5: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2010-06-22] (Stardock)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-14] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-02-25] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2010-06-22] (Stardock)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0542E9BC-C09B-4DEE-8008-E4FDFF74F86E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {0C819FFF-9D19-4E97-941E-E8D27083CE32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {177EDAEA-6B5A-4AC6-8EAE-9A66D647D9C3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-06] (Microsoft Corporation)
Task: {3C9EC03D-ECED-454A-891B-7FA564287565} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {4928A571-D878-4345-AAD5-89912D62B453} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\MATLAB\R2010a Student\MATLAB R2010a Student.lnk [Argument = -sd $documents\MATLAB -r "setenv('PATH', ['C:\GTK\bin;C:\MCNP\mcnp5\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\MATLAB\R2010a Student\bin']);"]
Task: {4D1520A5-7BCF-437F-9EB7-7B6107A4E523} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001Core => C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {6043938C-EFB6-4C7F-A6C1-ECD319EAB533} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001UA => C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {88F313DB-83DA-4F17-9190-A11AA4E54F4E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001Core => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8F48800D-65A4-45AB-862B-585A24A5A75F} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {8F48800D-65A4-45AB-862B-585A24A5A75F} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {9E86C2B8-821D-4541-9338-4ABE97366476} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-06] (Intel)
Task: {A08F92D6-C868-47A0-8AF2-B065FA3A0D9C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {A1C7A05D-D6A4-46F0-8DDC-A8152E4F6EDB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001UA => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AF3E0992-CE8D-40BB-8457-B37CC9E6438A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-02-06] (Microsoft Corporation)
Task: {B1C46434-EC47-401D-929A-D15AFE1CB1D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {BC6D28F1-2C64-4DAC-8993-708FAD7A442A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C22E433F-5553-401A-98E2-CF4E9FACE612} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {D478B054-5047-43D0-AE24-0121789B50B1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-06] (Microsoft Corporation)
Task: {D9B1428F-3CAF-4FB2-A31C-0CD9A7953191} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {D9B1428F-3CAF-4FB2-A31C-0CD9A7953191} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {E31C746D-0D1C-4461-9B07-768FA2742AAA} - System32\Tasks\{944A96DE-0ACF-4A76-B0C9-991E38F2169C} => C:\Windows\system32\pcalua.exe -a C:\Users\Matt\Downloads\VirtualBox-4.2.6-82870-Win.exe -d C:\Users\Matt\Downloads
Task: {EAE44E51-F575-4D1D-BA8A-C004EEABD30F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001Core.job => C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-416811638-4231456509-3825418720-1001UA.job => C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Anaconda Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\Matt\Anaconda\Scripts\anaconda.bat"
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Wakari (in the cloud).lnk -> C:\Users\Matt\Anaconda\pythonw.exe () -> -m webbrowser -t "hxxps://www.wakari.io/"
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Anaconda Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\Matt\Anaconda\Scripts\anaconda.bat"
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b2375b5d5fd7d5ac\Google Chrome.lnk -> C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-02 12:52 - 2014-12-02 12:52 - 000029184 _____ () C:\Windows\System32\ssm4mlm.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-06-15 11:13 - 2012-02-14 11:53 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-03-24 20:35 - 2013-05-14 17:50 - 000140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2018-02-17 17:22 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-17 17:22 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-05 15:28 - 2018-01-03 04:20 - 004063064 _____ () C:\Users\Matt\AppData\Local\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-05 15:28 - 2018-01-03 04:20 - 000099672 _____ () C:\Users\Matt\AppData\Local\Google\Chrome\Application\63.0.3239.132\libegl.dll
2014-10-16 00:48 - 2014-10-16 00:48 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2018-01-24 16:53 - 2018-01-24 16:53 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6673ce6dac4d89de35948e2f0390d97b\IsdiInterop.ni.dll
2012-06-15 10:03 - 2011-11-29 20:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-15 10:02 - 2012-02-01 16:44 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7936 more sites.
 
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-416811638-4231456509-3825418720-1001\...\123simsen.com -> www.123simsen.com
 
There are 7936 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-02-15 08:46 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
 
There are 15600 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-416811638-4231456509-3825418720-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Epson Stylus NX430(Network) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\Matt\AppData\Local\Temp\E_SA26C.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{903EB530-EC6B-4E92-8313-350030BB38F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{205CD947-2F64-44E7-9AA8-AA8DF8DE795B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E4E3ECA7-C3ED-46E6-B87A-83E220700F86}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{83D692A5-A270-4BA4-849B-D0056C46A325}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{7297DFE7-7B49-4422-8D2A-842A55F8DAC3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F4E9575E-5FDE-4729-BA70-A75FCC3D4ECD}] => (Allow) LPort=2869
FirewallRules: [{D01DD5F3-318E-46BB-9A90-0FAB67E80153}] => (Allow) LPort=1900
FirewallRules: [{C44A25DF-9D30-4F76-A3EE-D7AF776561FA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F61D8032-ED5B-4B29-BB10-24EE955837E5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1B1D8426-2EE9-4F87-AADF-28D4B3871775}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EFB7590B-FF18-4B6C-84BC-C14AA96F5099}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3A43095E-38EE-412A-8A30-ABDB08386ABF}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{C157C923-459E-4AE5-892E-6805C9BCC5AF}C:\cygwin\bin\xwin.exe] => (Allow) C:\cygwin\bin\xwin.exe
FirewallRules: [UDP Query User{9B0CBC25-B723-48E2-BBA2-938B52BF18B1}C:\cygwin\bin\xwin.exe] => (Allow) C:\cygwin\bin\xwin.exe
FirewallRules: [{FFB24DC8-876E-4ADE-813A-A2248E819147}] => (Allow) C:\Users\Matt\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{93B6DDC4-2FC4-4F9B-9BB0-1B16884C3F18}] => (Allow) C:\Users\Matt\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{A42C1EA1-FC2F-4DC4-B6CC-71A58CC4D965}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{634B527B-1831-4FF0-AAD6-FB0145FE400B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CA8AAE0D-D50B-410B-B2B0-9051CF3FCF83}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{6510DB6A-B473-4FD9-BF4F-4A125B58E2B2}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{492DBD63-CD1D-49A0-8F0C-561A7878049E}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{06FC3735-1145-487F-92F8-DB060E0D30E4}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\WolframCDFPlayer.exe
FirewallRules: [{7494DDC2-CA53-4F54-8670-DD8A775B84FE}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{B720DCEF-9EC8-4A0D-A5B7-DE32156C5978}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\math.exe
FirewallRules: [{6E368E32-9397-40AF-94B8-664D0EFD472B}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{546941A3-71F6-4F68-A6E1-FE44E4357A46}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{88386FAB-EEF4-4EE3-B4E7-2E031A0E69C2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{03614D0D-0806-4A8C-A364-2176971799CF}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{00E75FCC-F5D3-473B-A3A0-810FD99F2969}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33DB2689-4012-4252-8711-5479C5622189}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{2AEB2C53-DF8C-4B89-BD70-4FEE75872627}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{58046638-7BD3-4113-BA66-CF3F1C0C84F3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{FD2866F5-66D4-4C42-B15C-7D40E7347C8C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{77AAA06E-35F3-4616-9025-E70C6A0C64F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E62DD3F5-F6AB-4E0B-9C08-EA2B4F7FDC80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BE0C035-BDCA-4BA5-B039-605BD848E1AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F37F0384-00DA-445E-B2E8-9225F733DF04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{727ACEF8-F0F1-4818-924E-2E3F8A28062F}] => (Allow) C:\Users\Matt\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{CC93A81E-8E7E-4106-A7AF-A27473A1E004}C:\users\matt\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\matt\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{75653D10-8DB5-46FA-80E7-87C0D49A5292}C:\users\matt\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\matt\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{DB0D0C2D-7888-493F-A592-73084EED68A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C4268B03-CDD6-46B9-8D7A-051C35D5F009}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
 
==================== Restore Points =========================
 
15-02-2018 20:39:40 Restore Point Created by FRST
16-02-2018 21:02:27 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2018 09:06:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/17/2018 06:13:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/17/2018 05:55:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/17/2018 12:04:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Matt\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/17/2018 12:04:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Matt\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/17/2018 12:04:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Matt\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/17/2018 12:04:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Matt\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/17/2018 09:18:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Matt\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (02/17/2018 06:14:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (02/17/2018 06:14:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
Logon failure: the specified account password has expired.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (02/17/2018 06:12:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error: 
%%-2147196306
 
Error: (02/17/2018 06:12:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
DhaHelper
 
Error: (02/17/2018 06:11:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/17/2018 06:09:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\dhahelper.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/17/2018 06:08:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (02/17/2018 06:08:28 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 49%
Total physical RAM: 6568.31 MB
Available physical RAM: 3344.38 MB
Total Virtual: 13134.79 MB
Available Virtual: 9849.1 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:223.73 GB) (Free:39.27 GB) NTFS
 
\\?\Volume{17d9f959-b708-11e1-bf4c-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:18.25 GB) (Free:5.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 34D08F9A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223.7 GB) - (Type=05)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 34D08FB2)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
 
==================== End of Addition.txt ============================


#11 nuclearmatt

nuclearmatt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:07:47 PM

Posted 18 February 2018 - 09:10 AM

Phil,

 

I should also add that I did not select the "Fix" option after running the scan, I only selected "Scan" and then copy pasted the results into my reply.



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:47 PM

Posted 18 February 2018 - 11:10 AM

Matt:

 

Thank you for your new set of FRST logs.  I will get to work checking them out.

 

You did the right thing: there was no FRST "fixlist" script to execute, so nothing would have happened if you had pressed "Fix."  Unlike most other anti-malware tools and scanners, FRST does not "fix" things by itself.  It is therefore harmless when used as a scanner, but it is very effective in executing "fixlist" scripts.  That is why the capability to respond to Logs in this Forum is restricted to those trained and qualified to identify malware and in the use of anti-malware tools to safely remove infections.  You can check out the training program, here.  The time required to graduate is a little understated! :)  It took me 19 months to become qualified, and that is pretty fast.  Normally it is about two to four years, depending upon your entry knowledge, and the time that you have to devote to malware removal studies.  Being retired, I could devote a lot of time.  I am a Bleeping Computer Malware Removal Study Hall graduate, but there are other accredited "schools" as well, like GeekU.

 

In any event, I will post back once I have analyzed your newest FRST logs.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#13 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:47 PM

Posted 18 February 2018 - 11:57 AM

Matt:

Thank you for your patience while I analyzed your newest FRST logs. I see some traces of Spybot Search & Destroy and McAfee remaining, so I will get rid of those for you.


:step1: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

 

Start::
CreateRestorePoint:
2018-01-24 07:30 - 2018-02-15 20:33 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-24 07:30 - 2018-02-15 20:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
FirewallRules: [{1B1D8426-2EE9-4F87-AADF-28D4B3871775}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EFB7590B-FF18-4B6C-84BC-C14AA96F5099}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

:step2: You are a few versions behind in OpenOffice. You have 4.1.1. installed. The current version is 4.1.5. You can update this program from within OpenOffice, by going to "Help" and "Check for updates"; or, you can go their site and download the most current version. It is important to always have the newest version of software programs because, apart from performance improvements and enhanced features in the updates, security vulnerabilities are also patched.

.

:step3: Your Adobe Reader is out of date as well. You should go to the Adobe Reader DC site and download the current version of Adobe Reader. The Adobe Reader software program is a target for malware authors because its use is so widespread, so there are always security patches in each new version to address security vulnerabilities.

IMPORTANT: Un-check the optional McAfee offers BEFORE beginning the update download.

.

:step4: The FRST logs also show that you have QuickTime installed. I would recommend that you uninstall it from your computer, since it is no longer being maintained by Apple and therefore poses a security risk to your computer. Please see this link for more information.

.

:step5: I am seeing system and event errors in your "Addition.txt" log file. I would like to determine whether they are serious. Please run a System File Checker (SFC) scan to assess the integrity of the Windows file system.

  • Click on the "Start" button.
  • In the "search" box at the bottom, type cmd.
  • Look for Cmd.exe to appear at the top of the menu.
  • Right-click on cmd.exe and choose Run As Administrator.
  • Type sfc /scannow. Ensure that there is a space between "sfc" and "/scannow"
  • The scan will start and may take from 20 minutes to an hour to run.
  • Please report the results from the System File Checker in your next post. Does it report "No Resource Integrity Violations Found", "Errors Repaired", or "Unable to Repair", or words to that effect?
  • If the System File Checker scan reports that some errors were corrected, and some errors were not corrected, please re-run the System File Checker scan again, as it does happen that it can not fix all of the errors detected in a single run.
  • If it again reports that some errors were corrected, and some errors were not corrected, please run it a third time.

If SFC continues to report uncorrectable errors, please immediately navigate to the folder: C:\Windows\Logs\CBS, locate the file "CBS.log", and copy, not move it, to your Desktop. That file is "volatile", so we need to ensure that it is not overwritten with new results.

.

Sorry for all of the homework, Matt! :busy: We should be getting to close to being finished with your computer unless the SFC reports uncorrectable errors ... . Let's hope for the best! :bowdown:

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#14 nuclearmatt

nuclearmatt
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:07:47 PM

Posted 18 February 2018 - 02:48 PM

Phil,

 

No worries about the homework! It's actually something I really enjoy since the benefits are tremendous.

 

After executing the FRST script that you provided me, I proceeded to uninstall OpenOffice (Since I did not really need it, nor would it update properly from within the application), QuickTime, and several other applications that I don't use anymore or simply don't need. 

 

I attempted to install Adobe Reader DC from their website, however when I run the .exe only a blank pop up window loads with the title "Adobe Download Manager" and it does nothing. I also experienced a licensing error with my Adobe Reader X Pro (which I use to create forms and such) and had to follow instructions from Adobe to run a patch. (https://helpx.adobe.com/acrobat/kb/error-213-19-licensing-acrobat.html)

 

I ran the System File Checker, and it found corrupt files, but it was able to repair all of them the first time. Unfortunately the CBS text file is very large, and when I try and paste it into this text box it causes the webpage to crash (I've lost my responses twice so far, haha).

 

Thank you Phil.

 

 

FRST Results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Matt (18-02-2018 12:45:59) Run:2
Running from C:\Users\Matt\Desktop\SecurityTools
Loaded Profiles: Matt (Available Profiles: UpdatusUser & Matt)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
2018-01-24 07:30 - 2018-02-15 20:33 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-24 07:30 - 2018-02-15 20:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
FirewallRules: [{1B1D8426-2EE9-4F87-AADF-28D4B3871775}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EFB7590B-FF18-4B6C-84BC-C14AA96F5099}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
 
*****************
 
Restore point was successfully created.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B1D8426-2EE9-4F87-AADF-28D4B3871775}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFB7590B-FF18-4B6C-84BC-C14AA96F5099}" => removed successfully
 
==== End of Fixlog 12:46:23 ====


#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:47 PM

Posted 18 February 2018 - 03:22 PM

Matt:
 
Thank you for your post and for the contents of the FRST "fixlog.txt" file.  That is perfect!  I love it when a script runs flawlessly! :)
 
As for Adobe Reader DC, the errors that SFC later corrected might have been responsible for your issues, but you could also try the offline installer file.  See this link.  There are other links as well if you search "Adobe Reader DC offline installer".
 
I am really pleased that SFC was able to correct the errors that it detected. :thumbsup:  I have no need for the "CBS.log" file in that event, or if no errors are detected, so you can stop trying to crash our web page! :)  I will clarify my instructions for future people who I help.  I had one user recently who I had to refer to the Sysnative Forum, since they have the expertise to correct errors that SFC cannot correct.  There is a training course for that, as well, offered by Sysnative, but I keep busy enough just staying on top of the mutating malware threats! :busy:  We do have some members here who were trained there and are certified to use SFCFix.exe.  I know that limits of my expertise, and I have gone to Sysnative myself on one occasion for their assistance.  It is an excellent site and people ... just like here! :)
 
.
 
OK, it all looks great, Matt. :thumbup2:  You should have your computer back and working just fine.  Let's clean up the mess that I made! :)
 
.
 
:step1: We will now remove the tools we used during this fix using Delfix.

bwebb7v.jpgDownload Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

.

:step2: . . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to project yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems' such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; later versions of Windows Defender provide perfectly acceptable protection for free. If for some reason you don't like Windows Defender, there are other free products available as well:

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware uses to infect your computer, consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

Please copy and paste the contents of the Delfix log into your next reply. If that looks good, then we can conclude your topic.

On behalf of the Bleeping Computer Community, Matt, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day.

Regards,
-Phil
 


Member of the Unified Network of Instructors and Trusted Eliminators





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users