Unspecified malware... possible DLL redirect?


  • This topic is locked
7 replies to this topic

#1 Exodius999

  • Members
  • 7 posts

Posted 04 April 2018 - 11:19 PM

UPDATE 2 - sorry for the bump...
After AVG requiring me to restart the PC again after my MBAM rescan, I'm back to experiencing slowness, issues starting or configuring security software etc., so the issue seems to persist. Help appreciated. Thanks.

I restarted again - shutdown took FOREVER... but did get there. And on restart 'normal' system behaviour seems to have returned. Seems like every second boot just now is 'problematic' with slowness, interference with security software, AVG firewall not running, MBAM not starting or protection settings not being changeable etc...

Second set of FRST logs attached from normal boot while system seems to function normally.

UPDATE:
I've been operating this system predominantly in Safe mode for the past 24 hours as it is marginally more stable with a little more performance and not quite so prone to incidences of malware behaviour. 
 
MalwareBytes has failed to execute on the system for the past ~12 hours. I endeavoured to start MB again a short while ago, and while it didn't 'open', a system tray notification popped up a minute or so later requesting a reboot.  I rebooted (normally, instead of into Safe mode) and the aberrant behaviour seems to have gone.  I've removed the FRST logs that I ran from Safe Mode earlier and attached here - and have replaced them with some I've just run now.  I haven't looked them over myself yet, but I'm hopeful we're looking at remnant clean-up, rather than full scale reclamation of the system from the malware.  I'm about to run CCleaner, MB scan and then ADWCleaner, and then I'll wait for someone to confirm whether anything further is still necessary.
 
 
ORIGINAL POST:
I posted previously to the 'Am I infected?' forum and was asked to post here with FRST logs etc.
 
My problem started a couple of days ago when after restore from an old backup a collection of apparent adware and a miner appeared on my system.  Thinking I was dealing with a simple browser hijack/adware dump, I uninstalled the obvious software from the Control Panel and used HijackThis to clean the browser hijack and obvious adware remnants.
 
It became apparent however that there's more going on.  Some software won't run, some software won't install, or at least installs only after multiple attempts, the Security Center service can't be started, and a number of the MalwareBytes protection options can't be turned on (they've variously been able to be turned on or not depending on the action taken previous to checking).  There's also been some suspicious browser activity - pages closing, redirecting etc, including this one while trying to compose this post...  I still haven't received my registration confirmation email from malwarebytes forums, while attempting to read posts to this forum locks up the browser until I close the tab.
 
It occurred to me only today while doing some research that I'd seen mention of AppInit.dll - which makes me wonder whether some form of DLL redirect isn't at least part of the underlying issue, but obviously, not being an expert, that's just a possibility to evaluate when looking at the logs.
 
I ran FRST64 when asked and was able to produce the two logs, attached below.
 
Edit: Forgot to say that FRST64 was run in Safe Mode - symptoms are at least a little more contained there than with a normal boot.
 
Thanks in advance for your help.

Edited by Exodius999, 05 April 2018 - 07:23 AM.



#2 nasdaq

  • Malware Response Team
  • 38,593 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 April 2018 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

HijackThis is no longer supported and not ready for your Operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.

If not present in the Program List delete the file in bold.
C:\Users\DAL\Downloads\HijackThis.exe
<<<>>>
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF user.js: detected! => C:\Users\DAL\AppData\Roaming\Mozilla\Firefox\Profiles\109a5gv4.default\user.js [2018-04-04]
FF Homepage: Mozilla\Firefox\Profiles\109a5gv4.default -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\109a5gv4.default -> type", 4
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
Task: {404F6959-8D60-4663-9529-28251485E13E} - System32\Tasks\{EA98C426-50FA-47A0-BE86-86682D242A89} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\Downloads\HijackThis.exe -d C:\Users\DAL\Downloads
Task: {5626277E-7A1C-45EC-AA1F-F953A3BCE789} - System32\Tasks\{B1A5E9BA-50DC-45D1-B47C-4960709D0F42} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {798FE2B6-FF07-41D7-95BC-7ED883F17A14} - System32\Tasks\{05CE819A-C23A-46DB-BF88-9AFE39C6896C} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u73-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {84D124DE-E73E-4797-90A8-E6A9CDF71B50} - System32\Tasks\{BD49BB09-91EC-43B7-9415-87C4E5418AE2} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u71-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {92235685-14F5-45CB-B7B9-2F6ED53DA792} - System32\Tasks\{BE75C2FE-DFB9-4B6C-885B-6A40FAB24012} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {D9D7E62B-B4A8-4EFA-986E-7697CD620485} - System32\Tasks\{A07142DF-9964-40D6-8E9B-4FA614EC49A1} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {FD49F5F2-C6BB-4F9D-8FFA-3D1EF848EFCD} - System32\Tasks\{F16C49C9-37AB-4155-A05F-224E96EDF738} => C:\Windows\system32\pcalua.exe -a "C:\Users\DAL\Downloads\Windows PC Software\HijackThis\HijackThis.exe" -d "C:\Users\DAL\Downloads\Windows PC Software\HijackThis"
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

C:\Windows\System32\Tasks\{EA98C426-50FA-47A0-BE86-86682D242A89}
C:\Windows\System32\Tasks\{B1A5E9BA-50DC-45D1-B47C-4960709D0F42}
C:\Users\DAL\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Windows\System32\Tasks\{05CE819A-C23A-46DB-BF88-9AFE39C6896C}
C:\Users\DAL\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Windows\System32\Tasks\{BD49BB09-91EC-43B7-9415-87C4E5418AE2}
C:\Users\DAL\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Windows\System32\Task: {92235685-14F5-45CB-B7B9-2F6ED53DA792}
C:\Users\DAL\AppData\Local\Temp\jre-8u77-windows-au.exe 
C:\Windows\System32\System32\Tasks\{A07142DF-9964-40D6-8E9B-4FA614EC49A1}
C:\Users\DAL\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Windows\System32\System32\Tasks\{F16C49C9-37AB-4155-A05F-224E96EDF738}
C:\Users\DAL\Downloads\Windows PC Software\HijackThis\HijackThis.exe

RemoveProxy:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/
====

Please post the logs and let me know what problem persists with this computer.
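
As an added example (not part of nasdaq's post and not FRST's own code): a small Python triage of `Task:` lines in the layout used by the fixlist above, listing why each scheduled task deserves a closer look. The sample lines, GUIDs and paths are constructed, and the reasons are this example's own heuristics, not FRST's detection logic.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in the same layout as the "Task:" entries above.
# GUIDs, user name and file names are placeholders, not values from the thread.
SAMPLE = r"""
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA} => C:\Windows\system32\pcalua.exe -a C:\Users\EXAMPLE\AppData\Local\Temp\example-updater.exe -d C:\Windows\SysWOW64 -c /silent <==== ATTENTION
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\{BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB} => C:\Windows\system32\pcalua.exe -a "C:\Users\EXAMPLE\Downloads\Example Tool\tool.exe" -d "C:\Users\EXAMPLE\Downloads\Example Tool"
Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\ExampleVendor\Updater => C:\Program Files\ExampleVendor\updater.exe /silent
this line is not a task entry and is ignored
"""

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"

# Task: {task id} - <task file path> => <command line> [<==== ATTENTION]
TASK_LINE = re.compile(
    rf"^Task: (?P<id>{GUID}) - (?P<path>.+?) => (?P<cmd>.+?)"
    r"(?P<attn>\s*<==== ATTENTION)?\s*$"
)
PCALUA = re.compile(r"\\pcalua\.exe\b", re.I)
# pcalua.exe takes the program to start after "-a", quoted or unquoted.
DASH_A = re.compile(r'\s-a\s+(?:"([^"]+)"|(\S+))')
FIRST_EXE = re.compile(r'"?(.+?\.exe)\b', re.I)
# Folders any standard user can write to: a common drop location for installers.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(?:AppData\\Local\\Temp|Downloads)\\", re.I
)


@dataclass
class Finding:
    task_id: str
    task_name: str
    target: str
    reasons: list = field(default_factory=list)


def launch_target(cmd: str) -> str:
    """Return the program the task really starts, looking through pcalua.exe."""
    if PCALUA.search(cmd):
        m = DASH_A.search(cmd)
        if m:
            return m.group(1) or m.group(2)
    m = FIRST_EXE.match(cmd)
    return m.group(1) if m else cmd


def triage(text: str) -> list:
    """Parse Task: lines and sort them so the most-flagged entries come first."""
    findings = []
    for line in text.splitlines():
        m = TASK_LINE.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"]
        target = launch_target(cmd)
        name = m["path"].rsplit("\\", 1)[-1]
        reasons = []
        if m["attn"]:
            reasons.append("marked ATTENTION in the log")
        if PCALUA.search(cmd):
            reasons.append("launched indirectly through pcalua.exe")
        if USER_WRITABLE.search(target):
            reasons.append("target is in a user-writable Temp/Downloads folder")
        if re.fullmatch(GUID, name):
            reasons.append("task name is a bare GUID")
        findings.append(Finding(m["id"], name, target, reasons))
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.task_name}\n  starts: {f.target}")
        for r in f.reasons or ["no flags raised"]:
            print(f"  - {r}")
```
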

#3 Exodius999
  • Topic Starter

  • Members
  • 7 posts

Posted 05 April 2018 - 09:21 AM

Thanks Nasdaq, appreciate your help.
 
Carried out the above tasks ok - deleted Y! Messenger and HijackThis!, copied the fixlist into a file in the same folder as FRST and ran the fix (log attached), and after FRST restarted the PC I also reset IE/Chrome/Firefox.  I've then performed about a half dozen restarts since to observe behaviour.
 
Clearly the system continues to improve - right now about the only things I'm noticing and wondering about are related to the every second boot issues I mentioned in my earlier post. Every second boot AVG starts with its firewall off - although it does now eventually seem to turn it on, and MBAM starts without Malware protection enabled - and that seems unable to be set (I've tried turning off and on some of the other Protection settings just to ensure there aren't dependencies that for some reason aren't being met, but I don't seem able to turn them on manually, and nor does MBAM when it asks to via system tray notification).
 
I've run another set of FRST reports in case they shed any light... otherwise I'm in your hands as to whether there's something lingering still, or whether this is simply related to reports since MBAM 3.3 (I'm on 3.4.5) that Web and Malware Protection can fail to initiate. I see a bunch of videos on YouTube suggesting MBAM should be run as Administrator to overcome the issue (???) I'm obviously a little cautious given the malware we've been addressing here, so will await your instructions.

 

 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by DAL (06-04-2018 01:19:22) Run:1
Running from C:\Users\DAL\Downloads
Loaded Profiles: DAL (Available Profiles: DAL)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF user.js: detected! => C:\Users\DAL\AppData\Roaming\Mozilla\Firefox\Profiles\109a5gv4.default\user.js [2018-04-04]
FF Homepage: Mozilla\Firefox\Profiles\109a5gv4.default -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\109a5gv4.default -> type", 4
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
Task: {404F6959-8D60-4663-9529-28251485E13E} - System32\Tasks\{EA98C426-50FA-47A0-BE86-86682D242A89} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\Downloads\HijackThis.exe -d C:\Users\DAL\Downloads
Task: {5626277E-7A1C-45EC-AA1F-F953A3BCE789} - System32\Tasks\{B1A5E9BA-50DC-45D1-B47C-4960709D0F42} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {798FE2B6-FF07-41D7-95BC-7ED883F17A14} - System32\Tasks\{05CE819A-C23A-46DB-BF88-9AFE39C6896C} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u73-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {84D124DE-E73E-4797-90A8-E6A9CDF71B50} - System32\Tasks\{BD49BB09-91EC-43B7-9415-87C4E5418AE2} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u71-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {92235685-14F5-45CB-B7B9-2F6ED53DA792} - System32\Tasks\{BE75C2FE-DFB9-4B6C-885B-6A40FAB24012} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {D9D7E62B-B4A8-4EFA-986E-7697CD620485} - System32\Tasks\{A07142DF-9964-40D6-8E9B-4FA614EC49A1} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {FD49F5F2-C6BB-4F9D-8FFA-3D1EF848EFCD} - System32\Tasks\{F16C49C9-37AB-4155-A05F-224E96EDF738} => C:\Windows\system32\pcalua.exe -a "C:\Users\DAL\Downloads\Windows PC Software\HijackThis\HijackThis.exe" -d "C:\Users\DAL\Downloads\Windows PC Software\HijackThis"
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
C:\Windows\System32\Tasks\{EA98C426-50FA-47A0-BE86-86682D242A89}
C:\Windows\System32\Tasks\{B1A5E9BA-50DC-45D1-B47C-4960709D0F42}
C:\Users\DAL\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Windows\System32\Tasks\{05CE819A-C23A-46DB-BF88-9AFE39C6896C}
C:\Users\DAL\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Windows\System32\Tasks\{BD49BB09-91EC-43B7-9415-87C4E5418AE2}
C:\Users\DAL\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Windows\System32\Task: {92235685-14F5-45CB-B7B9-2F6ED53DA792}
C:\Users\DAL\AppData\Local\Temp\jre-8u77-windows-au.exe 
C:\Windows\System32\System32\Tasks\{A07142DF-9964-40D6-8E9B-4FA614EC49A1}
C:\Users\DAL\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Windows\System32\System32\Tasks\{F16C49C9-37AB-4155-A05F-224E96EDF738}
C:\Users\DAL\Downloads\Windows PC Software\HijackThis\HijackThis.exe
 
RemoveProxy:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Users\DAL\AppData\Roaming\Mozilla\Firefox\Profiles\109a5gv4.default\user.js => moved successfully
"Firefox homepage" => removed successfully
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\Partizan" => removed successfully
Partizan => service removed successfully
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully
Synth3dVsc => service removed successfully
"HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully
tsusbhub => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO" => removed successfully
"HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MagicISO" => removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MagicISO" => removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{404F6959-8D60-4663-9529-28251485E13E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{404F6959-8D60-4663-9529-28251485E13E}" => removed successfully
C:\Windows\System32\Tasks\{EA98C426-50FA-47A0-BE86-86682D242A89} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA98C426-50FA-47A0-BE86-86682D242A89}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5626277E-7A1C-45EC-AA1F-F953A3BCE789}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5626277E-7A1C-45EC-AA1F-F953A3BCE789}" => removed successfully
C:\Windows\System32\Tasks\{B1A5E9BA-50DC-45D1-B47C-4960709D0F42} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B1A5E9BA-50DC-45D1-B47C-4960709D0F42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{798FE2B6-FF07-41D7-95BC-7ED883F17A14}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{798FE2B6-FF07-41D7-95BC-7ED883F17A14}" => removed successfully
C:\Windows\System32\Tasks\{05CE819A-C23A-46DB-BF88-9AFE39C6896C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{05CE819A-C23A-46DB-BF88-9AFE39C6896C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84D124DE-E73E-4797-90A8-E6A9CDF71B50}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84D124DE-E73E-4797-90A8-E6A9CDF71B50}" => removed successfully
C:\Windows\System32\Tasks\{BD49BB09-91EC-43B7-9415-87C4E5418AE2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD49BB09-91EC-43B7-9415-87C4E5418AE2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92235685-14F5-45CB-B7B9-2F6ED53DA792}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92235685-14F5-45CB-B7B9-2F6ED53DA792}" => removed successfully
C:\Windows\System32\Tasks\{BE75C2FE-DFB9-4B6C-885B-6A40FAB24012} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BE75C2FE-DFB9-4B6C-885B-6A40FAB24012}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9D7E62B-B4A8-4EFA-986E-7697CD620485}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9D7E62B-B4A8-4EFA-986E-7697CD620485}" => removed successfully
C:\Windows\System32\Tasks\{A07142DF-9964-40D6-8E9B-4FA614EC49A1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A07142DF-9964-40D6-8E9B-4FA614EC49A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD49F5F2-C6BB-4F9D-8FFA-3D1EF848EFCD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD49F5F2-C6BB-4F9D-8FFA-3D1EF848EFCD}" => removed successfully
C:\Windows\System32\Tasks\{F16C49C9-37AB-4155-A05F-224E96EDF738} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F16C49C9-37AB-4155-A05F-224E96EDF738}" => removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully
"C:\Windows\System32\Tasks\{EA98C426-50FA-47A0-BE86-86682D242A89}" => not found
"C:\Windows\System32\Tasks\{B1A5E9BA-50DC-45D1-B47C-4960709D0F42}" => not found
"C:\Users\DAL\AppData\Local\Temp\jre-8u101-windows-au.exe" => not found
"C:\Windows\System32\Tasks\{05CE819A-C23A-46DB-BF88-9AFE39C6896C}" => not found
"C:\Users\DAL\AppData\Local\Temp\jre-8u73-windows-au.exe" => not found
"C:\Windows\System32\Tasks\{BD49BB09-91EC-43B7-9415-87C4E5418AE2}" => not found
"C:\Users\DAL\AppData\Local\Temp\jre-8u71-windows-au.exe" => not found
"C:\Windows\System32\Task: {92235685-14F5-45CB-B7B9-2F6ED53DA792}" => not found
"C:\Users\DAL\AppData\Local\Temp\jre-8u77-windows-au.exe" => not found
"C:\Windows\System32\System32\Tasks\{A07142DF-9964-40D6-8E9B-4FA614EC49A1}" => not found
"C:\Users\DAL\AppData\Local\Temp\jre-8u111-windows-au.exe" => not found
"C:\Windows\System32\System32\Tasks\{F16C49C9-37AB-4155-A05F-224E96EDF738}" => not found
"C:\Users\DAL\Downloads\Windows PC Software\HijackThis\HijackThis.exe" => not found
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-1521263659-184909051-1479682793-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1521263659-184909051-1479682793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1521263659-184909051-1479682793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : fd34:cdbe:2046:3400:952:2fa8:e3a5:8473
   Temporary IPv6 Address. . . . . . : fd34:cdbe:2046:3400:f82b:59dc:1275:d9ed
   Link-local IPv6 Address . . . . . : fe80::952:2fa8:e3a5:8473%10
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : home
   IPv6 Address. . . . . . . . . . . : fd34:cdbe:2046:3400:952:2fa8:e3a5:8473
   Temporary IPv6 Address. . . . . . : fd34:cdbe:2046:3400:f82b:59dc:1275:d9ed
   Link-local IPv6 Address . . . . . : fe80::952:2fa8:e3a5:8473%10
   IPv4 Address. . . . . . . . . . . : 192.168.1.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10378157 B
Java, Flash, Steam htmlcache => 1284 B
Windows/system/drivers => 924152 B
Edge => 0 B
Chrome => 229645102 B
Firefox => 24420653 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55270351 B
systemprofile32 => 70176 B
LocalService => 0 B
NetworkService => 66228 B
DAL => 32382827 B
 
RecycleBin => 393950 B
EmptyTemp: => 345.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:20:15 ====
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by DAL (administrator) on DAL-PC (06-04-2018 01:58:09)
Running from C:\Users\DAL\Downloads
Loaded Profiles: DAL (Available Profiles: DAL)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\acdIDInTouch2.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Dropbox, Inc.) C:\Users\DAL\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\DAL\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\DAL\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\DAL\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [667648 2009-01-10] (Dell Inc.)
HKLM\...\Run: [ACUW10EN] => C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\acdIDInTouch2.exe [2152392 2016-12-16] (ACD Systems)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\Run: [Dropbox Update] => C:\Users\DAL\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-07] (Dropbox, Inc.)
HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\Run: [ACDSeeCommanderUltimate10] => C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe [3425224 2016-12-16] ()
HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-07] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk [2014-07-15]
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-08]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-08]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\DAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-03-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\DAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2016-10-28]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\DAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-04-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9110CDBC-48A6-4D3E-BA4D-BA965E60B0E9}: [DhcpNameServer] 8.8.8.8 8.8.4.4 203.109.191.1 203.118.191.1
Tcpip\..\Interfaces\{D0D05949-434C-4CE4-BAA7-8D686365DA41}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1521263659-184909051-1479682793-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-03-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-03] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-03-25] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-06-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-03-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-25] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-25] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-25] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-25] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-25] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 4jhsadip.default-1522934917815
FF ProfilePath: C:\Users\DAL\AppData\Roaming\Mozilla\Firefox\Profiles\4jhsadip.default-1522934917815 [2018-04-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-25] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-25] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-07-03] (Nitro PDF)
FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-06-20] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1521263659-184909051-1479682793-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DAL\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-1521263659-184909051-1479682793-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DAL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1521263659-184909051-1479682793-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\DAL\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-08-10] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Default [2018-04-06]
CHR Extension: (AdGuard AdBlocker) - C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-03-15]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-16]
CHR Extension: (No Name) - C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddlfhoicnaonfnepnjogldeaifkocae [2017-01-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-03]
CHR Profile: C:\Users\DAL\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-04-06]
CHR HKU\S-1-5-21-1521263659-184909051-1479682793-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [1002552 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5334432 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8511664 2018-03-19] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-07-03] (Nitro PDF Software)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-06-20] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-07-03] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-15] (NVIDIA Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-21] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [253184 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-04-05] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-06] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-06] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-06] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [58816 2018-03-24] (NVIDIA Corporation)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2014-06-09] (Seiko Epson Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-06 01:56 - 2018-04-06 01:56 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-06 01:28 - 2018-04-06 01:28 - 000000000 ____D C:\Users\DAL\Desktop\Old Firefox Data
2018-04-06 01:19 - 2018-04-06 01:20 - 000014482 _____ C:\Users\DAL\Downloads\Fixlog.txt
2018-04-06 00:50 - 2018-04-06 00:50 - 004632872 _____ (Microsoft Corporation) C:\Users\DAL\Downloads\Setup.X86.en-US_O365HomePremRetail_03c1b6ce-18d3-4d71-b383-eacfbec4a83b_TX_SG_.exe
2018-04-05 21:23 - 2018-04-05 21:23 - 001169402 _____ C:\Users\DAL\Downloads\AgResearch Scientific Compute Plateform ROI.PDF
2018-04-05 20:33 - 2018-04-05 20:33 - 000066151 _____ C:\Users\DAL\Downloads\Addition_05-04-2018 19.27.27.txt
2018-04-05 20:32 - 2018-04-05 20:32 - 000086438 _____ C:\Users\DAL\Downloads\FRST_05-04-2018 19.27.27.txt
2018-04-05 18:57 - 2018-04-05 18:57 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-05 18:51 - 2018-04-06 01:57 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-05 18:51 - 2018-04-06 01:56 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-05 15:26 - 2018-04-05 15:27 - 000000000 ____D C:\Users\DAL\Documents\Eset Online Scanner logs
2018-04-05 10:19 - 2018-04-05 10:19 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2018-04-05 10:12 - 2018-04-05 10:12 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-04-05 10:11 - 2018-04-05 10:20 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-05 10:09 - 2018-04-05 10:10 - 000000000 ____D C:\Users\DAL\Documents\CCleaner Backups
2018-04-05 10:03 - 2018-04-05 10:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-05 10:02 - 2018-04-05 10:02 - 015333312 _____ (Piriform Ltd) C:\Users\DAL\Downloads\ccsetup541pro.exe
2018-04-05 10:01 - 2018-04-05 10:03 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2018-04-05 10:01 - 2018-04-05 10:03 - 000000000 ____D C:\Program Files\CCleaner
2018-04-05 09:34 - 2018-04-05 10:12 - 011605440 _____ (SurfRight B.V.) C:\Users\DAL\Downloads\HitmanPro_x64.exe
2018-04-05 09:28 - 2018-04-05 09:28 - 003927160 _____ (Google) C:\Users\DAL\Downloads\chrome_cleanup_tool.exe
2018-04-05 09:10 - 2018-04-05 09:10 - 007987872 _____ (Piriform Ltd) C:\Users\DAL\Downloads\ccsetup537_slim.exe
2018-04-05 09:07 - 2018-04-05 10:01 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-05 09:07 - 2018-04-05 09:07 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4623F690.sys
2018-04-05 08:52 - 2018-04-06 00:17 - 000066044 _____ C:\Users\DAL\Downloads\Addition.txt
2018-04-05 08:50 - 2018-04-06 02:02 - 000024041 _____ C:\Users\DAL\Downloads\FRST.txt
2018-04-05 07:53 - 2018-04-06 01:58 - 000000000 ____D C:\FRST
2018-04-05 07:24 - 2018-04-05 07:24 - 014178840 _____ (Malwarebytes Corp.) C:\Users\DAL\Downloads\mbar-1.10.3.1001.exe
2018-04-05 06:19 - 2018-04-05 06:39 - 006968952 _____ (ESET spol. s r.o.) C:\Users\DAL\Downloads\esetonlinescanner_enu (2).exe
2018-04-05 06:05 - 2018-04-05 06:05 - 000000000 ____D C:\ProgramData\Sophos
2018-04-05 06:05 - 2018-04-05 06:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-04-05 06:05 - 2018-04-05 06:05 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-04-05 00:25 - 2018-04-05 06:02 - 195822952 _____ (Sophos Limited) C:\Users\DAL\Downloads\Sophos Virus Removal Tool.exe
2018-04-04 22:23 - 2018-04-04 22:23 - 002403328 _____ (Farbar) C:\Users\DAL\Downloads\FRST64.exe
2018-04-04 19:55 - 2018-04-04 19:55 - 000000000 ____D C:\Users\DAL\AppData\Local\Zemana
2018-04-04 19:39 - 2018-04-04 19:39 - 000001012 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2018-04-04 17:50 - 2018-04-04 17:51 - 000000000 ____D C:\ProgramData\RegRun
2018-04-04 15:50 - 2018-04-04 13:45 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts.old
2018-04-04 15:49 - 2018-04-04 17:56 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2018-04-04 15:49 - 2018-04-04 17:56 - 000000000 ____D C:\Users\DAL\Documents\RegRun2
2018-04-04 15:49 - 2018-04-04 15:49 - 000003316 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2018-04-04 15:12 - 2018-04-04 15:12 - 006625600 _____ (Zemana Ltd. ) C:\Users\DAL\Downloads\Zemana.AntiMalware.Setup.exe
2018-04-04 14:24 - 2018-04-04 14:25 - 019052632 _____ C:\Users\DAL\Downloads\unhackmeb.zip
2018-04-04 14:09 - 2018-04-04 14:09 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-04 14:08 - 2018-04-04 15:32 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-04 14:08 - 2018-04-04 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-04 14:08 - 2018-04-04 14:08 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-04 14:03 - 2018-04-04 14:04 - 036501736 _____ (Adlice Software ) C:\Users\DAL\Downloads\RogueKiller_setup_ref3.exe
2018-04-04 13:55 - 2018-04-04 13:55 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\DAL\Downloads\rkill64.exe
2018-04-04 13:52 - 2018-04-04 13:52 - 000039902 _____ C:\ComboFix.txt
2018-04-04 12:25 - 2018-04-06 01:53 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-04 12:25 - 2018-04-04 19:40 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-04 11:57 - 2011-06-26 18:45 - 000256000 _____ C:\Windows\PEV.exe
2018-04-04 11:57 - 2010-11-08 05:20 - 000208896 _____ C:\Windows\MBR.exe
2018-04-04 11:57 - 2009-04-20 16:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-04-04 11:57 - 2000-08-31 12:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-04-04 11:57 - 2000-08-31 12:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-04-04 11:57 - 2000-08-31 12:00 - 000098816 _____ C:\Windows\sed.exe
2018-04-04 11:57 - 2000-08-31 12:00 - 000080412 _____ C:\Windows\grep.exe
2018-04-04 11:57 - 2000-08-31 12:00 - 000068096 _____ C:\Windows\zip.exe
2018-04-04 11:51 - 2018-04-04 11:51 - 000000000 ____D C:\Users\DAL\Documents\ProcAlyzer Dumps
2018-04-04 11:47 - 2018-04-04 13:52 - 000000000 ____D C:\Qoobox
2018-04-04 11:47 - 2018-04-04 13:50 - 000000000 ____D C:\Windows\erdnt
2018-04-04 11:38 - 2018-04-04 11:46 - 005659794 ____R (Swearware) C:\Users\DAL\Downloads\ComboFix.exe
2018-04-04 11:37 - 2018-04-04 11:37 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\DAL\Downloads\rkill.exe
2018-04-04 10:57 - 2018-04-04 10:58 - 008222496 _____ (Malwarebytes) C:\Users\DAL\Downloads\adwcleaner_7.0.8.0.exe
2018-04-04 10:53 - 2018-04-04 10:53 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\DAL\Downloads\iExplore64.exe
2018-04-04 08:16 - 2018-04-04 08:16 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\DAL\Downloads\iExplore.exe
2018-04-04 00:46 - 2018-04-04 00:46 - 000003922 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 00:46 - 2018-04-04 00:46 - 000000000 ____D C:\Users\DAL\ansel
2018-04-04 00:45 - 2017-12-15 14:03 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-04-03 19:31 - 2018-04-03 19:31 - 000002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-04-03 14:51 - 2018-04-03 14:51 - 000000000 ____D C:\Users\Public\Documents\iSumsoft Product Key Finder
2018-04-03 14:51 - 2018-04-03 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSumsoft Product Key Finder
2018-04-03 14:34 - 2018-04-05 11:19 - 000000000 ____D C:\Users\DAL\Desktop\Security Tools
2018-04-03 14:34 - 2018-04-03 14:34 - 000000000 ____D C:\Users\DAL\Desktop\EVGA Tools
2018-04-03 14:25 - 2018-04-03 14:26 - 000000000 ____D C:\NPE
2018-04-03 14:21 - 2018-04-03 14:21 - 000000044 _____ C:\Users\DAL\Downloads\Malwarebytes Premium 3.4.5 Serial Key.txt
2018-04-03 14:13 - 2018-04-03 14:13 - 000000000 ____D C:\Users\DAL\Desktop\Post-Win10
2018-04-03 14:13 - 2018-04-03 14:13 - 000000000 ____D C:\Users\DAL\Desktop\Otahuao Images
2018-04-03 13:24 - 2018-04-03 14:43 - 000000000 ____D C:\Users\DAL\AppData\Local\NPE
2018-04-03 13:24 - 2018-04-03 13:25 - 000000000 ____D C:\ProgramData\Norton
2018-04-03 13:19 - 2018-04-03 13:20 - 009494240 _____ (Symantec Corporation) C:\Users\DAL\Downloads\NPE.exe
2018-04-03 13:16 - 2018-04-03 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-03 13:16 - 2018-04-03 13:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-03 13:16 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-03 08:56 - 2018-04-03 12:09 - 000035592 _____ C:\Windows\system32\avgrep.txt
2018-04-03 08:42 - 2018-04-03 08:42 - 000000258 __RSH C:\Users\DAL\ntuser.pol
2018-04-03 08:29 - 2018-04-03 14:59 - 000000000 ____D C:\Users\DAL\AppData\Local\Trend Micro
2018-04-03 08:29 - 2018-04-03 08:29 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2018-04-03 08:27 - 2018-04-03 08:28 - 000000000 ____D C:\ProgramData\Trend Micro
2018-04-03 07:23 - 2018-04-03 07:23 - 000002599 _____ C:\Users\DAL\Downloads\Office2016 Activator Batch.cmd
2018-04-03 07:16 - 2018-04-03 07:16 - 000002603 _____ C:\Users\DAL\Downloads\Office2016 Activation Batch.cmd
2018-04-03 07:08 - 2018-04-03 07:08 - 000002651 _____ C:\Users\DAL\Downloads\Activate Office 2016.cmd
2018-03-31 15:47 - 2018-03-31 15:47 - 001020406 _____ C:\Users\DAL\Downloads\Gifted  talented students Meeting their needs MINEDU.pdf
2018-03-30 17:38 - 2018-03-28 20:31 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-30 17:38 - 2018-03-28 20:09 - 004046016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-03-30 17:38 - 2018-03-28 20:09 - 004026048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-03-29 10:58 - 2018-03-29 10:58 - 000000000 ____D C:\Users\DAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-28 15:51 - 2018-03-28 15:47 - 117661308 ____N C:\Users\DAL\Desktop\20180328_164558.mp4
2018-03-28 09:22 - 2018-03-24 11:05 - 000138120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-03-28 09:20 - 2018-03-28 09:20 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-03-28 09:18 - 2018-03-26 04:26 - 035624808 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-03-28 09:18 - 2018-03-26 04:26 - 028204984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-03-28 09:18 - 2018-03-26 04:26 - 017371168 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-03-28 09:18 - 2018-03-26 04:25 - 000997792 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-03-28 09:18 - 2018-03-26 04:25 - 000950120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-03-28 09:18 - 2018-03-26 04:25 - 000625592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-03-28 09:18 - 2018-03-26 04:25 - 000515672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-03-28 09:18 - 2018-03-26 04:24 - 040278616 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-03-28 09:18 - 2018-03-26 04:24 - 035188992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-03-28 09:18 - 2018-03-26 04:24 - 003914784 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-03-28 09:18 - 2018-03-26 04:24 - 003444152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-03-28 09:18 - 2018-03-26 04:24 - 001985112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439135.dll
2018-03-28 09:18 - 2018-03-26 04:24 - 001683712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439135.dll
2018-03-28 09:18 - 2018-03-26 04:24 - 001137056 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-03-28 09:18 - 2018-03-26 04:24 - 001066584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-03-28 09:18 - 2018-03-26 04:13 - 000419672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 019854816 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 016496768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 015558928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 013571520 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 011132384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 000902096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 000541856 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 000460024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 000182784 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 000165136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 000159704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-03-28 09:18 - 2018-03-26 04:12 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-03-28 09:18 - 2018-03-26 04:11 - 012967056 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-03-28 09:18 - 2018-03-26 04:11 - 011001504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-03-28 09:18 - 2018-03-24 13:13 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-03-28 09:18 - 2018-03-24 13:13 - 000058816 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2018-03-28 09:18 - 2018-03-24 13:13 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-03-28 09:18 - 2018-03-24 13:13 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-03-28 09:18 - 2018-03-24 13:13 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-03-25 19:09 - 2018-03-25 19:31 - 000535023 _____ C:\Users\DAL\Documents\20180316 Resume - Barry Hardy - Imara - International SOS.pdf
2018-03-23 16:54 - 2018-03-23 16:57 - 066864869 _____ C:\Users\DAL\Downloads\facebook-585764921.zip
2018-03-23 16:52 - 2018-03-23 16:53 - 000373717 _____ C:\Users\DAL\Downloads\Parent letter - Hell Pizza Reading Challenge - final (teacher or librarian).pdf
2018-03-20 00:52 - 2018-03-20 00:52 - 000051350 _____ C:\Users\DAL\Downloads\CamScanner-(License)_1.7-Android-1.com.apk
2018-03-19 12:07 - 2018-03-19 12:09 - 060252800 _____ (Skype Technologies S.A.) C:\Users\DAL\Downloads\Skype-8.17.0.2.exe
2018-03-18 15:43 - 2018-03-18 15:43 - 000000000 ____D C:\Users\DAL\Downloads\Fungi
2018-03-14 16:24 - 2018-03-09 15:39 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-03-14 16:24 - 2018-03-09 15:39 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-03-14 16:24 - 2018-03-09 15:39 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-14 16:24 - 2018-03-09 15:39 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-03-14 16:24 - 2018-03-09 15:18 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-03-14 16:24 - 2018-03-09 15:09 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 15:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:47 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:38 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-03-14 16:24 - 2018-03-09 14:38 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-03-14 16:24 - 2018-03-09 14:38 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-03-14 16:24 - 2018-03-09 14:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-03-14 16:24 - 2018-03-09 14:34 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-03-14 16:24 - 2018-03-09 14:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-03-14 16:24 - 2018-03-09 14:33 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-03-14 16:24 - 2018-03-09 14:31 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-03-14 16:24 - 2018-03-09 14:30 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-03-14 16:24 - 2018-03-09 14:30 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-03-14 16:24 - 2018-03-09 14:29 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-03-14 16:24 - 2018-03-09 14:29 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-03-14 16:24 - 2018-03-09 14:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-03-14 16:24 - 2018-03-09 14:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-03-14 16:24 - 2018-03-09 14:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-03-14 16:24 - 2018-03-09 14:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-03-14 16:24 - 2018-03-09 14:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-03-14 16:24 - 2018-03-09 14:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-03-14 16:24 - 2018-03-09 14:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-14 16:24 - 2018-03-09 14:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-03-14 16:24 - 2018-03-01 20:36 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-03-14 16:24 - 2018-02-22 15:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-03-14 16:24 - 2018-02-22 15:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-03-14 16:24 - 2018-02-19 09:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-14 16:24 - 2018-02-17 16:27 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-03-14 16:24 - 2018-02-17 15:36 - 000340088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-03-14 16:24 - 2018-02-17 03:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-03-14 16:24 - 2018-02-17 03:51 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-03-14 16:24 - 2018-02-17 03:51 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-03-14 16:24 - 2018-02-17 03:45 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-03-14 16:24 - 2018-02-17 03:44 - 013678080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-03-14 16:24 - 2018-02-17 03:24 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-03-14 16:24 - 2018-02-17 03:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-03-14 16:24 - 2018-02-17 03:24 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-03-14 16:24 - 2018-02-17 03:19 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-03-14 16:24 - 2018-02-17 02:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-03-14 16:24 - 2018-02-17 02:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-03-14 16:24 - 2018-02-16 03:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-03-14 16:24 - 2018-02-16 02:57 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-03-14 16:24 - 2018-02-14 06:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 16:24 - 2018-02-14 06:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 16:24 - 2018-02-14 02:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 16:24 - 2018-02-14 02:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 16:24 - 2018-02-14 02:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 16:24 - 2018-02-14 02:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 16:24 - 2018-02-14 02:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 16:24 - 2018-02-14 02:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 16:24 - 2018-02-14 02:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 16:24 - 2018-02-14 02:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-14 16:24 - 2018-02-11 06:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-03-14 16:24 - 2018-02-11 06:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-03-14 16:24 - 2018-02-11 06:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-03-14 16:24 - 2018-02-11 06:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-03-14 16:24 - 2018-02-11 06:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-03-14 16:24 - 2018-02-11 06:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-03-14 16:24 - 2018-02-11 06:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-03-14 16:24 - 2018-02-11 06:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
2018-03-14 16:24 - 2018-02-11 06:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-14 16:24 - 2018-02-11 06:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-03-14 16:24 - 2018-02-11 06:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-03-14 16:24 - 2018-02-11 06:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-03-14 16:24 - 2018-02-11 05:55 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-03-14 16:24 - 2018-02-11 05:55 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-03-14 16:24 - 2018-02-11 05:40 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-03-14 16:24 - 2018-02-11 05:40 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-03-14 16:24 - 2018-02-11 05:40 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-03-14 16:24 - 2018-02-11 05:40 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-03-14 16:24 - 2018-02-11 05:40 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-03-14 16:24 - 2018-02-11 05:37 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-03-14 16:24 - 2018-02-11 05:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2018-03-14 16:24 - 2018-02-11 05:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2018-03-14 16:24 - 2018-02-11 05:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2018-03-14 16:24 - 2018-02-11 05:32 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-03-14 16:24 - 2018-02-11 05:31 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-03-14 16:24 - 2018-02-11 05:29 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-03-14 16:24 - 2018-02-11 05:28 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-03-14 16:24 - 2018-02-11 05:28 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-03-14 16:24 - 2018-02-11 05:27 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-03-14 16:24 - 2018-02-11 05:27 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-03-14 16:24 - 2018-02-11 05:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-03-14 16:24 - 2018-02-11 05:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-03-14 16:24 - 2018-02-11 05:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-03-14 16:24 - 2018-02-11 05:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-03-14 16:24 - 2018-02-11 05:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-03-14 16:24 - 2018-02-11 05:22 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-03-14 16:24 - 2018-02-11 05:20 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-03-14 16:24 - 2018-02-11 05:10 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-03-14 16:24 - 2018-02-11 05:10 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-03-14 16:24 - 2018-02-11 05:09 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-03-14 16:24 - 2018-02-11 05:09 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-03-14 16:24 - 2018-02-11 05:09 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-03-14 16:24 - 2018-02-11 05:09 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-03-14 16:24 - 2018-02-11 05:06 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-03-14 16:24 - 2018-02-11 05:06 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-03-14 16:24 - 2018-02-11 05:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-03-14 16:24 - 2018-02-11 05:01 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-03-14 16:24 - 2018-02-11 05:01 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-03-14 16:24 - 2018-02-11 05:00 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-03-14 16:24 - 2018-02-11 05:00 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-03-14 16:24 - 2018-02-11 05:00 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-03-14 16:24 - 2018-02-11 04:57 - 015281664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-03-14 16:24 - 2018-02-11 04:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-03-14 16:24 - 2018-02-11 04:50 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-03-14 16:24 - 2018-02-11 04:50 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-03-14 16:24 - 2018-02-11 04:47 - 002134016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-03-14 16:24 - 2018-02-11 04:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-03-14 16:24 - 2018-02-11 04:47 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-03-14 16:24 - 2018-02-11 04:47 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-03-14 16:24 - 2018-02-11 04:46 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-03-14 16:24 - 2018-02-11 04:44 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-03-14 16:24 - 2018-02-11 04:41 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-03-14 16:24 - 2018-02-11 04:40 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-03-14 16:24 - 2018-02-11 04:35 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-03-14 16:24 - 2018-02-11 04:34 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-03-14 16:24 - 2018-02-11 04:33 - 002058240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-03-14 16:24 - 2018-02-11 04:33 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-03-14 16:24 - 2018-02-11 04:23 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-03-14 16:24 - 2018-02-11 04:12 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-03-14 16:24 - 2018-02-11 04:11 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-03-14 16:24 - 2018-02-11 04:09 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-03-14 16:24 - 2018-02-03 06:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-03-14 16:24 - 2018-02-03 06:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-03-14 16:24 - 2018-02-03 06:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-03-14 16:24 - 2018-02-03 06:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-03-14 16:24 - 2018-02-03 06:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-03-14 16:24 - 2018-02-03 06:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-03-14 16:24 - 2018-02-03 06:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-03-14 16:24 - 2018-02-03 06:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-03-14 16:24 - 2018-02-03 05:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-03-14 16:24 - 2018-02-03 05:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-03-14 16:24 - 2018-01-13 04:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-03-14 16:24 - 2018-01-13 04:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-03-14 16:23 - 2018-02-03 06:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-03-14 16:23 - 2018-02-03 06:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-03-14 16:23 - 2018-01-16 07:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-03-14 16:23 - 2018-01-16 07:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-03-14 12:10 - 2018-03-14 12:10 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-14 10:50 - 2018-03-14 10:50 - 000002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-03-09 00:00 - 2018-03-09 00:00 - 000002645 _____ C:\Users\DAL\Downloads\1Click.cmd
2018-03-08 23:42 - 2018-04-01 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-08 23:42 - 2018-03-08 23:42 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-03-08 23:42 - 2018-03-08 23:42 - 000002376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-03-08 23:42 - 2018-03-08 23:42 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-03-08 23:42 - 2018-03-08 23:42 - 000002339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-03-08 23:42 - 2018-03-08 23:42 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-03-08 23:42 - 2018-03-08 23:42 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-03-08 23:42 - 2018-03-08 23:42 - 000002318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-03-08 22:23 - 2018-03-08 22:23 - 000130452 _____ C:\Users\DAL\Downloads\officeact.diagcab
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-06 01:53 - 2015-05-17 20:08 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1521263659-184909051-1479682793-1000UA.job
2018-04-06 01:52 - 2014-07-15 08:21 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-06 01:51 - 2009-07-14 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-06 01:49 - 2009-07-14 16:45 - 000022400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-06 01:49 - 2009-07-14 16:45 - 000022400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-06 01:30 - 2016-11-19 09:21 - 000000000 ____D C:\Users\DAL\AppData\LocalLow\Mozilla
2018-04-06 01:29 - 2014-07-15 03:09 - 000000000 ____D C:\ProgramData\MFAData
2018-04-06 01:12 - 2014-07-15 02:40 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-06 00:57 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\inf
2018-04-06 00:32 - 2017-10-31 22:10 - 000000000 ____D C:\Users\DAL\Documents\Outlook Files
2018-04-05 23:31 - 2009-07-14 17:13 - 000785942 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-05 21:36 - 2016-11-05 00:06 - 000000000 ____D C:\AdwCleaner
2018-04-05 20:02 - 2014-09-14 21:02 - 000000000 ____D C:\Users\DAL\AppData\Local\ElevatedDiagnostics
2018-04-05 19:52 - 2015-02-24 23:47 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-04-05 19:41 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\registration
2018-04-05 19:09 - 2017-02-06 23:00 - 000000000 ____D C:\Users\DAL\AppData\Local\CrashDumps
2018-04-05 19:08 - 2016-09-21 15:51 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2018-04-05 18:55 - 2014-07-15 04:06 - 000117632 _____ C:\Users\DAL\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-05 18:54 - 2009-07-14 16:45 - 000469200 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-05 09:08 - 2014-07-15 03:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-04 20:39 - 2014-07-15 09:27 - 000000000 ____D C:\Users\DAL\AppData\Local\Apps\2.0
2018-04-04 13:45 - 2009-07-14 14:34 - 000000215 _____ C:\Windows\system.ini
2018-04-04 12:22 - 2009-07-14 14:34 - 145489920 _____ C:\Windows\system32\config\software.bak
2018-04-04 12:22 - 2009-07-14 14:34 - 021233664 _____ C:\Windows\system32\config\system.bak
2018-04-04 12:22 - 2009-07-14 14:34 - 006553600 _____ C:\Windows\system32\config\default.bak
2018-04-04 12:22 - 2009-07-14 14:34 - 000262144 _____ C:\Windows\system32\config\security.bak
2018-04-04 12:22 - 2009-07-14 14:34 - 000262144 _____ C:\Windows\system32\config\sam.bak
2018-04-04 12:16 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\system32\NDF
2018-04-04 11:57 - 2015-05-17 20:08 - 000000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1521263659-184909051-1479682793-1000Core.job
2018-04-04 11:55 - 2015-02-24 23:47 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-04 02:37 - 2016-03-08 05:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-04 00:46 - 2017-05-23 14:43 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 00:46 - 2016-12-16 06:29 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 00:46 - 2016-10-27 19:38 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 00:46 - 2016-03-08 05:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-04 00:46 - 2014-07-15 02:29 - 000000000 ____D C:\Users\DAL
2018-04-04 00:45 - 2016-10-27 19:38 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 00:45 - 2016-10-27 19:38 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 00:45 - 2016-10-27 19:38 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 00:45 - 2016-10-27 19:38 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 00:45 - 2014-07-15 08:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-03 22:15 - 2015-08-10 19:55 - 000000000 ____D C:\Users\DAL\Documents\Internet Bill Payments
2018-04-03 22:15 - 2015-07-17 19:18 - 000000000 ____D C:\Users\DAL\AppData\Roaming\Nitro
2018-04-03 14:59 - 2014-07-15 09:27 - 000000000 ____D C:\Users\DAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2018-04-03 14:02 - 2014-12-20 13:25 - 000002257 _____ C:\Users\DAL\Desktop\Google Chrome.lnk
2018-04-03 14:02 - 2014-07-15 09:18 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-03 14:02 - 2014-07-15 02:30 - 000001391 _____ C:\Users\DAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-03 08:53 - 2016-11-18 08:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-03 08:53 - 2014-07-15 09:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-03 08:17 - 2014-07-15 02:57 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-03 08:17 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\system32\GroupPolicy
2018-04-02 13:39 - 2014-09-14 21:30 - 000000000 ____D C:\Users\DAL\AppData\Roaming\.minecraft
2018-04-01 15:30 - 2016-02-07 11:51 - 000000000 ____D C:\Users\DAL\Documents\Education
2018-04-01 12:22 - 2017-08-03 22:11 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-01 12:20 - 2014-07-16 02:56 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-04-01 12:20 - 2009-07-14 15:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-03-31 12:50 - 2014-07-15 10:25 - 000000000 ____D C:\Users\DAL\AppData\Roaming\Skype
2018-03-29 10:58 - 2014-07-15 03:17 - 000000000 ____D C:\Users\DAL\AppData\Roaming\Dropbox
2018-03-29 01:32 - 2014-07-15 03:44 - 000000000 ____D C:\Users\DAL\AppData\Local\FirestormOS_x64
2018-03-28 22:09 - 2016-03-08 05:18 - 000000000 ____D C:\Users\DAL\AppData\Local\NVIDIA
2018-03-28 09:22 - 2016-03-08 05:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-03-28 09:21 - 2016-03-08 12:32 - 000000000 ____D C:\Users\DAL\AppData\Roaming\NVIDIA
2018-03-28 09:21 - 2016-03-08 03:59 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-28 08:53 - 2016-03-08 05:47 - 000000000 ____D C:\Users\DAL\AppData\Local\NVIDIA Corporation
2018-03-26 04:13 - 2016-10-27 20:03 - 022887280 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-03-26 04:13 - 2016-10-27 20:03 - 019968176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-03-26 04:13 - 2016-10-27 20:03 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-03-26 04:12 - 2017-07-26 11:11 - 018910896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-03-26 04:11 - 2016-10-27 20:02 - 004426120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-03-26 04:11 - 2016-10-27 20:02 - 003919352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-03-24 13:13 - 2017-11-09 04:01 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-03-24 13:13 - 2017-11-09 02:57 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-03-24 11:02 - 2016-10-27 20:05 - 005952392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-03-24 11:02 - 2016-10-27 20:05 - 002596320 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-03-24 11:02 - 2016-10-27 20:05 - 001767824 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-03-24 11:02 - 2016-10-27 20:05 - 000633224 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-03-24 11:02 - 2016-10-27 20:05 - 000451040 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-03-24 11:02 - 2016-10-27 20:05 - 000123840 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-03-24 11:02 - 2016-10-27 20:05 - 000083072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-03-21 23:22 - 2016-10-27 20:05 - 008114212 _____ C:\Windows\system32\nvcoproc.bin
2018-03-21 15:10 - 2018-02-14 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-03-20 11:46 - 2017-11-01 09:30 - 000003164 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1521263659-184909051-1479682793-1000
2018-03-20 11:46 - 2017-10-31 20:02 - 000002152 _____ C:\Users\DAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-03-20 11:46 - 2017-10-31 20:02 - 000000000 ___RD C:\Users\DAL\OneDrive
2018-03-15 06:27 - 2015-05-17 20:08 - 000000000 ____D C:\Users\DAL\AppData\Local\Dropbox
2018-03-15 03:35 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\rescache
2018-03-15 02:37 - 2014-12-12 02:30 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-15 02:37 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-03-15 02:16 - 2014-07-15 08:58 - 000000000 ____D C:\Windows\system32\MRT
2018-03-15 02:09 - 2017-10-12 02:05 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-15 02:08 - 2014-07-15 08:58 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-15 01:05 - 2016-10-27 19:38 - 002480064 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-03-15 01:05 - 2016-10-27 19:38 - 002137024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-03-15 01:05 - 2016-10-27 19:38 - 001310144 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-03-15 00:44 - 2017-04-07 07:10 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-03-14 12:10 - 2015-02-10 16:06 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-14 12:10 - 2014-07-15 09:35 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-14 12:10 - 2014-07-15 09:35 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 12:10 - 2014-07-15 09:35 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-14 12:10 - 2014-07-15 09:35 - 000000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2016-12-15 11:58 - 2016-12-15 12:00 - 000000301 _____ () C:\Users\DAL\AppData\Roaming\FotoSketcher.ini
2017-01-01 14:40 - 2017-01-01 14:40 - 000004608 _____ () C:\Users\DAL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-10 22:07 - 2015-08-10 23:36 - 000007621 _____ () C:\Users\DAL\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-29 10:48
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by DAL (06-04-2018 02:03:32)
Running from C:\Users\DAL\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2014-07-14 14:29:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1521263659-184909051-1479682793-500 - Administrator - Disabled)
DAL (S-1-5-21-1521263659-184909051-1479682793-1000 - Administrator - Enabled) => C:\Users\DAL
Guest (S-1-5-21-1521263659-184909051-1479682793-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1521263659-184909051-1479682793-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACDSee Ultimate 10 (64-bit) (HKLM\...\{F1BD782B-A54A-4BC1-9A4E-CF64CFF019BD}) (Version: 10.1.0.867 - ACD Systems International Inc.)
Activision® (HKLM-x32\...\{388DC046-56AD-42F2-AEAD-81B7C47D05AE}) (Version: 1.00.0000 - Activision) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AVG (HKLM\...\{51E31F6F-B8C7-46D9-AFC8-C36F9DE38031}) (Version: 16.151.8013 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{C19A3151-EC41-4DF4-A2A9-14166CB8649E}) (Version: 16.0.4793 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8013 - AVG Technologies)
Backuptrans Android Viber Transfer (x64) 3.1.30 (HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\Backuptrans Android Viber Transfer (x64)) (Version: 3.1.30 - Backuptrans)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
Dell ControlPoint System Manager (HKLM\...\{C8145C55-97E1-4883-8358-5EB0F0CFEB2F}) (Version: 1.2.00000 - Dell Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Dropbox (HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\Dropbox) (Version: 47.3.73 - Dropbox, Inc.)
EPSON TX550W Series Printer Uninstall (HKLM\...\EPSON TX550W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V3 (HKLM-x32\...\{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}) (Version: 3.4a - SEIKO EPSON CORPORATION)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.5.4 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
EVGA OC Scanner X 3.6.1.2 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
EVGA PrecisionX 16 (HKLM-x32\...\{4C5ECFC6-AF6E-42A0-988D-0A5FCBB8F0B9}) (Version: 5.3.11 - EVGA Corporation)
FirestormOS-Releasex64 (HKLM\...\FirestormOS-Releasex64) (Version: 5.0.11.53634 - The Phoenix Firestorm Project, Inc.)
FMW 1 (HKLM\...\{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}) (Version: 1.143.3 - AVG Technologies) Hidden
FotoSketcher 3.20 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
Google Chrome (HKLM-x32\...\{A4DE5CD7-96D6-3979-8C39-E864396AFFC0}) (Version: 65.0.3325.181 - Google, Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Holiday Pay Calculator (HKLM-x32\...\Holiday Pay Calculator) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
K-Lite Codec Pack 10.6.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2098 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9126.2098 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Nitro Pro 10 (HKLM\...\{86076244-7714-4956-9E75-D4ECF7D19729}) (Version: 10.5.3.21 - Nitro) Hidden
Nitro Pro 10 (HKLM-x32\...\{625d8bf5-ac56-4518-b67b-28db577e7d2f}) (Version: 10.5.3.21 - Nitro)
Nitro Pro 7 (HKLM\...\{3CBC3942-6847-42D6-AB03-7B543E4549D4}) (Version: 7.4.1.11 - Nitro PDF Software)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2098 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2098 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9126.2098 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RogueKiller version 12.12.11.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.11.0 - Adlice Software)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Skylanders Spyro's Adventure™ (HKLM-x32\...\InstallShield_{388DC046-56AD-42F2-AEAD-81B7C47D05AE}) (Version: 1.00.0000 - Activision)
Skype version 8.18 (HKLM-x32\...\Skype_is1) (Version: 8.18 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7250 - Analog Devices)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\WhatsApp) (Version: 0.2.3572 - WhatsApp)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.6.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Zoom (HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1521263659-184909051-1479682793-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2017-04-11] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 10\NPShellExtension.dll [2015-07-03] (Nitro PDF)
ContextMenuHandlers1: [NPShellExtension] -> {D7ECBD0E-B8E3-4a0c-9E84-514298EFA583} => C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll [2012-06-20] ()
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2015-08-28] (ACD Systems International Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-20] (WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-20] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2017-04-11] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-20] (WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1521263659-184909051-1479682793-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1521263659-184909051-1479682793-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1521263659-184909051-1479682793-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\DAL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-29] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02B32CC3-EE20-4BD4-8BB3-B1425775B9D6} - System32\Tasks\{FBE852B1-8FD2-485F-B221-6BB7C9F96568} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\Downloads\mame0166b_64bit.exe -d C:\Users\DAL\Downloads
Task: {1A2CFD27-0CB9-4732-BDCE-52501D900F9E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-15] (NVIDIA Corporation)
Task: {1FE8D364-233A-4B88-B098-475A8C1D8DB5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1521263659-184909051-1479682793-1000UA => C:\Users\DAL\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-10-07] (Dropbox, Inc.)
Task: {23580965-EC4C-46E5-A9D9-38438C7A6AD3} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-15] (NVIDIA Corporation)
Task: {26609D9E-FB1B-4E78-A5BB-69F6FC15A167} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {29E7DBF2-57AB-4F23-8AC1-59197D27B971} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe
Task: {2F1C2233-A74C-4A62-8C5B-2523FC590CEE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {31FCD6C2-77E6-4A36-BB2D-ECF1A8184CBF} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {326E3355-9070-48DD-AB45-14E6ADFADF5D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {444A4D4D-89CF-4B3F-A9F3-F3CA785AAC37} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe [2016-04-12] (EVGA Corp.)
Task: {47C2A7F3-EFC3-4797-A2A2-A7B887F8818A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-15] (NVIDIA Corporation)
Task: {4C545522-7E85-4830-B18F-350C8B748B7D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-25] (Microsoft Corporation)
Task: {53D6F9A4-F359-437B-8525-C139D2900523} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-07] (Piriform Ltd)
Task: {5435DE14-5745-4E83-A5D5-2159A85B64AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5583538B-9518-4C54-89CC-D747D671635C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-03-25] (Microsoft Corporation)
Task: {6AA9BF05-3EE1-4471-9443-B4E7E746A182} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6CC6B54D-2732-4137-ABDF-BD3A71045F15} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-15] (NVIDIA Corporation)
Task: {6E448337-97A5-45C2-BCFA-AECD31D8ACE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {7587C037-ADEB-46AA-9680-836AACC8E64C} - System32\Tasks\{FAE3200C-D051-4C16-8DDB-4BB1B483A983} => C:\Windows\system32\pcalua.exe -a C:\Users\DAL\Downloads\epson374983eu.exe -d C:\Users\DAL\Downloads
Task: {853F2AFD-46B1-4A9C-A6CB-330F3F0CE985} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-15] (NVIDIA Corporation)
Task: {89999318-024B-42C2-832C-C97872B8B731} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8A7C4013-6DAB-4F15-AD18-76C5E64BCCB5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-03-25] (Microsoft Corporation)
Task: {90A1C820-135E-4FE7-BA70-102CF1A783BA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-19] (Microsoft Corporation)
Task: {9888B6DD-691F-4E8F-BBDF-259F725BB495} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-15] (NVIDIA Corporation)
Task: {9D1A7443-5B56-492B-B9FC-1239B0D10005} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-25] (Microsoft Corporation)
Task: {A3C41200-D8F3-4155-9B2C-62A2AA5C9803} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-25] (Microsoft Corporation)
Task: {A751C069-A1B7-4134-9FF1-E12DC8553D90} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {AB1D3BB2-B3A5-4ECB-88EB-15A9CEB97476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-19] (Microsoft Corporation)
Task: {AFFC8257-6C4B-49E9-812E-D0D155DDBDD6} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19] (Oracle Corporation)
Task: {C3213B73-E360-4A7F-838C-AF5BA237F13E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {D3DEAE75-135E-4A70-9E06-C6C217A8CF19} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D9E9426E-9DC1-4CAC-8CED-D9B7309C67C3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-15] (NVIDIA Corporation)
Task: {E68CC1D6-871C-4021-A57E-C52829309149} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-15] (NVIDIA Corporation)
Task: {FD11B31C-7902-4167-B9CA-16AE6C2792A5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1521263659-184909051-1479682793-1000Core => C:\Users\DAL\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-10-07] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1521263659-184909051-1479682793-1000Core.job => C:\Users\DAL\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1521263659-184909051-1479682793-1000UA.job => C:\Users\DAL\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-03 19:02 - 2015-07-03 19:02 - 000418968 _____ () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
2015-07-03 19:02 - 2015-07-03 19:02 - 002543768 _____ () C:\Program Files\Nitro\Pro 10\Nitro_KissMetrics.dll
2016-10-27 19:38 - 2018-03-15 01:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-03 19:30 - 2018-04-03 19:30 - 008936112 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2018-03-28 09:22 - 2018-03-24 13:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2016-11-07 23:46 - 2016-12-16 21:31 - 003425224 _____ () C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe
2018-04-03 13:16 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-03 13:16 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-02-23 15:38 - 2018-02-23 15:38 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2016-10-27 19:38 - 2018-03-15 01:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-29 10:58 - 2018-03-29 08:48 - 000866120 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-03-29 10:58 - 2018-03-29 08:48 - 002079048 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-03-29 10:58 - 2018-03-29 08:46 - 000100312 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000018896 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\select.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000020808 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000035808 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000694232 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 000021856 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000130520 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 001856864 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 000022880 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000145880 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-03-29 10:58 - 2018-03-29 08:48 - 000116696 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-03-29 10:58 - 2018-03-29 08:46 - 000105944 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000022872 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000063312 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000024536 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 000077120 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-03-29 10:58 - 2018-03-29 08:48 - 000392664 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-03-29 10:58 - 2018-03-29 08:46 - 000020952 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000124888 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000114136 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000392520 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000026464 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000043480 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000024024 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000175576 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000030168 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000026072 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000048600 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000057816 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 000021840 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000023376 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 000022864 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000066400 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 001798464 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000084944 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\sip.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 001959232 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 003863880 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000155472 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000521544 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000051024 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000043336 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000131400 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000219984 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000204104 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000025440 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000060888 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000054616 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000024024 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000022880 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000028632 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000022368 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000021856 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000022368 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 000027496 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-03-29 10:58 - 2018-03-29 08:46 - 000349144 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-03-29 10:58 - 2018-03-29 08:51 - 000023904 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000025432 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-03-29 10:58 - 2018-03-29 08:48 - 000036312 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\librsync.dll
2018-03-29 10:58 - 2018-03-29 08:51 - 000021856 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 000181064 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-03-29 10:58 - 2018-03-29 08:51 - 000030544 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-03-29 10:58 - 2018-03-29 08:49 - 000024384 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-03-29 10:58 - 2018-03-29 08:49 - 001638208 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-03-29 10:58 - 2018-03-29 08:51 - 000026464 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000546632 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000359744 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-03-29 10:58 - 2018-03-29 08:50 - 000038216 _____ () C:\Users\DAL\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2015-02-24 23:47 - 2014-05-13 11:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-24 23:47 - 2014-05-13 11:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-24 23:47 - 2014-05-13 11:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-29 10:01 - 2016-11-29 10:01 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2018-01-11 02:59 - 2018-01-11 02:59 - 000169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\77e0fc57caf6f4abe13df2bd87898d57\IsdiInterop.ni.dll
2014-07-15 13:24 - 2010-11-05 23:50 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7866 more sites.
 
IE trusted site: HKU\S-1-5-21-1521263659-184909051-1479682793-1000\...\dell.com -> dell.com
 
There are 7864 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 14:34 - 2018-04-04 19:51 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1521263659-184909051-1479682793-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DAL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{87546ED6-737A-4FD5-B6AA-9DB4DAFE3D42}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{BD9DE269-7F33-4450-8AEC-51A2506D79A8}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{0B399B5C-FA20-49A4-987E-99A054D2C613}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D2AAF666-111B-4E6B-A9EC-7F0B458523F0}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9C82DD2B-917D-4F03-A47C-B6F645BD18F3}] => (Allow) C:\Users\DAL\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{594E37C9-9FC7-488D-B72B-9B18B92D6FCE}] => (Allow) C:\Users\DAL\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{24BCFB8F-3721-4A9B-8B19-002934636F51}C:\users\dal\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dal\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4C032A89-183E-467D-8BAA-8977C9618D3C}C:\users\dal\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dal\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C633FA0C-EE8C-4178-B0CA-0072D6FCE0A7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CABC336A-E729-45DC-BD58-0BABE51ACF58}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{800CAADB-F781-45BD-B74A-D6F02B6A3970}C:\program files (x86)\epsonnet\epsonnet config v3\enconfig.exe] => (Allow) C:\program files (x86)\epsonnet\epsonnet config v3\enconfig.exe
FirewallRules: [UDP Query User{CFED714D-BF17-4DA9-A3CA-D6E6ACEAA4DD}C:\program files (x86)\epsonnet\epsonnet config v3\enconfig.exe] => (Allow) C:\program files (x86)\epsonnet\epsonnet config v3\enconfig.exe
FirewallRules: [TCP Query User{A9C6FD84-2E9F-44A0-95E7-74438C2B68C9}C:\program files (x86)\activision\skylanders spyro's adventure™\skylanders.exe] => (Allow) C:\program files (x86)\activision\skylanders spyro's adventure™\skylanders.exe
FirewallRules: [UDP Query User{819F3D05-442D-4527-8F22-C2896305A32D}C:\program files (x86)\activision\skylanders spyro's adventure™\skylanders.exe] => (Allow) C:\program files (x86)\activision\skylanders spyro's adventure™\skylanders.exe
FirewallRules: [{C9C8A0D9-75E3-4B83-8868-BC9A71CF21C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9836D7A4-889B-4F9C-80C6-5C8493997D9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37BC0234-7027-4A98-91C0-C3F2EF3A7A39}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{088622A2-270B-4D3A-8D4F-21226A6FE7E2}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [TCP Query User{6BABAA84-5DD2-43D2-958B-41C61671DAF1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{97A13B53-46CE-4FFE-BFDD-7C1593FB2418}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{72EB81D6-51EA-4751-8B58-07A0C86B4ACC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6A0CFBE9-CEFC-45D3-8760-3AAF041AE389}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7CD500F0-31D1-4472-98BB-A082B84C98F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{561030CF-FD0C-4767-A35B-F1A8154FBCEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D9313E6E-3FA5-47EA-9D1A-823BC0CB37E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BFA26A3F-AD43-44D2-A7C7-69E974B9602A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3B8CC40B-42B4-4789-9F51-75F00C049AF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BAAFC2A9-689B-47C5-9334-E5F586925B5D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CDADEAC4-CFC6-4ED3-98D9-98468A18B38E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{24A05D3E-6D43-4ACB-86FB-9AE9B56170DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{6CD6E5F4-0A7B-4157-9087-A8F660F47A87}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A467E717-1CF2-48E0-832D-3B0E30E490E1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{055D8ACB-8D3A-46B3-9BA0-AF718A52E33A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0E458E22-4D37-42F7-AC69-7B3479DC89E0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{557EDDBC-02EA-4072-959B-17CB405E21D9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F8C3D72E-FBA6-4345-80CC-F6ED347D0017}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{698645D3-FB97-4EB3-A32C-90C868741387}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{DEF3A2E4-2BF2-4FEE-BD04-C5EF62C352D2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{01AAE2A0-D076-4204-A6BF-558CBB44F127}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5E68D44C-376B-4585-874F-4653A5A8CF49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D9C74EDB-461E-4F1D-AC93-35BFC4E8BD8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{135FE73D-4239-427A-AA27-8DE27FD32FD2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2AB1D64A-BBE0-4208-9CB1-B6A23DC2465A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7B5C1B9B-E17C-477F-96CF-BE78B28FFED7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D8249536-9DE6-4657-A716-3926F896C4EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6F065B5B-A851-4F0A-A998-92706BB8F542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
04-04-2018 11:57:52 ComboFix created restore point
04-04-2018 16:54:50 UnHackMe Malware Removal
06-04-2018 01:19:23 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/06/2018 01:19:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {587744ea-dfc1-4be7-8bf8-1225bc4d0250}
 
Error: (04/06/2018 12:24:10 AM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.
 
Error: (04/05/2018 07:08:36 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/05/2018 06:57:57 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/05/2018 06:57:57 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/05/2018 06:57:57 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/05/2018 06:57:57 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/05/2018 06:57:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
 
System errors:
=============
Error: (04/06/2018 01:54:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/06/2018 01:54:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (04/06/2018 01:52:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/06/2018 01:52:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/06/2018 01:52:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (04/06/2018 01:49:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (04/06/2018 01:49:10 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/06/2018 01:43:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-04-04 12:11:08.035
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-04 12:11:07.738
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2016-04-26 03:40:02.631
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2016-04-26 03:40:02.503
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2016-04-26 03:40:02.342
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2016-04-25 03:24:30.196
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2016-04-25 03:24:30.047
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2016-04-25 03:24:29.901
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5640 @ 2.67GHz
Percentage of memory in use: 16%
Total physical RAM: 24573.54 MB
Available physical RAM: 20510.58 MB
Total Virtual: 49145.25 MB
Available Virtual: 44829.45 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:230.73 GB) (Free:46.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:1.13 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.51 GB) (Free:114.21 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=230.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00051C81)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 


#4 Exodius999


Posted 05 April 2018 - 09:26 AM

Thanks Nasdaq, appreciate your help.
 
Carried out the above tasks ok - deleted Y! Messenger and HijackThis!, copied the fixlist into a file in the same folder as FRST and ran the fix (log attached), and after FRST restarted the PC I also reset IE/Chrome/Firefox.  I've then performed about a half dozen restarts since to observe behaviour.
 
The system continues to improve - right now about the only things I'm noticing and wondering about are related to the every second boot issues I mentioned in my earlier post. Every second boot AVG starts with its firewall off - although it does now eventually seem to turn on, and MBAM starts without Malware protection enabled - and that seems unable to be set (I've tried turning off and on some of the other Protection settings just to ensure there aren't dependencies that for some reason aren't being met, but I don't seem able to turn them on manually, and nor does MBAM when it asks to via system tray notification - although I note that seems to have been an issue for some since MBAM3.3 apparently).
 
I've run another set of FRST reports and attach these as well as the Fixlog and await your instructions for next steps.

 

 

Thanks again.

 

 
 




#5 nasdaq


Posted 05 April 2018 - 01:28 PM

Hi,

Quoted from the Additional.txt log.

Error: (04/06/2018 01:19:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {587744ea-dfc1-4be7-8bf8-1225bc4d0250}


Try the suggested fix on this page.

https://www.ryadel.com/en/volume-shadow-copy-service-error-unexpected-error-querying-for-the-ivsswritercallback-interface-how-to-fix-that/

Keep me posted.

#6 Exodius999


Posted 05 April 2018 - 06:33 PM

Nasdaq

 

OK, sorry for the delay, what looked like being a 5 minute task to address the VSCS error turned into a couple of hours of activity...

 

Anyway...  

 

I opened services.msc...  VSCS was set to Manual, so that explains why it wasn't starting - set to Auto.  For the sake of completeness, I checked Registry and the required DWord keys were present and I added Network Services to the COM security settings - the others were already present.

 

After restarting I discovered we were back in the every second boot loop with MBAM and AVG settings not being held, nor able to be manually set - with the new development that MBAM was also unable on every second boot to load the Anti-rootkit DDA driver.  Looking online there are a number of reports of similar MBAM behavior since the v3.4.5 update.  Looking through 20 or so reports, I decided to cut to the chase... I booted into safe mode, ran MBAM, restarted into Safe mode, ran MBAR, rebooted, ran Clean MBAM and then reinstalled MBAM.  I then rebooted through three separate cycles - none of which exhibited the issues with security settings not being held, then re-ran FRST - logs attached below.  

 

Back into your hands.  Seems to me the system is close to back to normal, but if there are other things to now check,

 

EDIT:  Have subsequently rebooted a number of times - on the most recent occasion MBAM again failed to load the DDA Driver.  Off to research that some more.



Edited by Exodius999, 05 April 2018 - 11:04 PM.


#7 nasdaq


Posted 06 April 2018 - 07:08 AM



Hi,

The most recent Malwarebytes topic I found this morning.
https://forums.malwarebytes.com/topic/224936-unable-to-load-dda-driver-malwarebtes-344/

Read it. Try to set the delay as suggested.

If all fails then I suggest you start a new topic in the Malwarebytes forum.

I'm sure they are working on the issue and will provide a new version as soon as possible.

MB Forum
https://forums.malwarebytes.com/

You will have to register if not already subscribed.

I will leave this topic open for 6 days; if you need to return, please do.

#8 Exodius999


Posted 06 April 2018 - 11:32 AM

Nasdaq

 

I've made the changes suggested in the MBAM forum posts and will watch developments in the forum there...

 

Thanks for your help over the past day or so.  I'll update here if anything untoward presents, but for now I think things are back on-track.





