Most of my desktop is gone - ALL history in Firefox gone. Lots of files in recyc


  • This topic is locked
36 replies to this topic

#1 hw_g

Posted 17 April 2018 - 12:59 PM

Hello,

 

Last night everything was running perfectly.  I only had Firefox open and was on the internet watching YouTube videos and on Facebook.  I closed down the program and shut down the machine before going to bed.  When I woke up this morning and turned on the PC, all my desktop icons were different!  They had moved, half of them were gone and my recycle bin was full of files.  Programs and files were missing which I did not delete.  There were a lot of files in the recycle bin that I didn't put there (most from "dropbox").  Then when I opened up Firefox EVERYTHING was gone!  All my bookmarks, which were at least 10 years of research, and all my history were gone.  I never delete history and no one uses this machine but me.  What has happened?  Is this a nasty virus?

 

Here is my FRST file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by roe (administrator) on MININT-VMD2VAN (16-04-2018 19:07:52)
Running from \\NAS1\media\Applications\Backup material for Dell 4-16-2018
Loaded Profiles: roe &  (Available Profiles: roe) <==== ATTENTION (Temporary Profile?)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Farbar) \\NAS1\media\Applications\Backup material for Dell 4-16-2018\FRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-02-06] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [416_175010231671] => C:\Program Files (x86)\LMIR0002.tmp_r.bat [512 2018-04-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2012-10-11]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2012-10-11]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-04-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\TEMP\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F5597A09-EA09-4DA6-BA7D-F3C18DB797A3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155538327 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155559910 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155538888 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155600570 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Handler: ipp - No CLSID Value
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tlpx6ura.default
FF ProfilePath: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\tlpx6ura.default [2018-04-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\tlpx6ura.default\features\{5eec5e4d-2de6-4b66-a1bb-543faeb01af0}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-16] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-01-26] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-01-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @citrixonline.com/appdetectorplugin -> C:\Users\roe\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @talk.google.com/GoogleTalkPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @talk.google.com/O1DPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @tools.google.com/Google Update;version=3 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909: @tools.google.com/Google Update;version=9 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @citrixonline.com/appdetectorplugin -> C:\Users\roe\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @talk.google.com/GoogleTalkPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @talk.google.com/O1DPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @tools.google.com/Google Update;version=3 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746: @tools.google.com/Google Update;version=9 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome Canary.5FNUW2REDWPRAH4USZQPBWQJJY - C:\Users\roe\AppData\Local\Google\Chrome SxS\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730048 2015-02-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-23] (AVG Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-16] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-16] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-09-13] ()
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
U0 aswVmm; no ImagePath
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 imbqnrju; \??\C:\Windows\system32\drivers\imbqnrju.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 17:19 - 2018-04-15 23:14 - 015728640 _____ C:\Users\TEMP\Desktop\places.sqlite
2018-04-16 17:15 - 2018-04-16 17:15 - 000000703 _____ C:\Program Files (x86)\LMIR0002.tmp.bat
2018-04-16 17:15 - 2018-04-16 17:15 - 000000512 _____ C:\Program Files (x86)\LMIR0002.tmp_r.bat
2018-04-16 16:56 - 2018-04-16 16:58 - 000000000 ____D C:\ProgramData\WRData
2018-04-16 16:53 - 2018-04-16 16:53 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2018-04-16 16:52 - 2018-04-16 17:16 - 000000000 ____D C:\Users\TEMP\AppData\Local\LogMeIn Rescue Applet
2018-04-16 16:52 - 2018-04-16 16:52 - 002185768 _____ (LogMeIn, Inc.) C:\Users\TEMP\Downloads\Support-LogMeInRescue.exe
2018-04-16 16:26 - 2018-04-16 16:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\TeamViewer
2018-04-16 16:18 - 2018-04-16 16:18 - 000001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-16 16:18 - 2018-04-16 16:18 - 000001037 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-04-16 16:18 - 2018-04-16 16:18 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\TeamViewer
2018-04-16 16:16 - 2018-04-16 16:16 - 020367104 _____ (TeamViewer GmbH) C:\Users\TEMP\Downloads\TeamViewer_Setup.exe
2018-04-16 15:52 - 2018-04-16 16:59 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000001873 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-16 15:52 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-16 15:51 - 2018-04-16 15:51 - 073446016 _____ (Malwarebytes ) C:\Users\TEMP\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4756.exe
2018-04-16 11:43 - 2018-04-16 11:43 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\WinRAR
2018-04-16 11:27 - 2018-04-16 18:07 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2018-04-16 11:27 - 2018-04-16 11:31 - 000000000 ____D C:\Users\TEMP\AppData\Local\Mozilla
2018-04-16 11:27 - 2018-04-16 11:27 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2018-04-16 11:24 - 2018-04-16 11:24 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Sun
2018-04-16 11:24 - 2018-04-16 11:24 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Sun
2018-04-16 11:20 - 2018-04-16 11:20 - 000000000 ____D C:\Users\TEMP\AppData\Local\Intuit
2018-04-16 11:19 - 2018-04-16 16:36 - 000108608 _____ C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-16 11:19 - 2018-04-16 11:26 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Canon
2018-04-16 11:19 - 2018-04-16 11:19 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Apple Computer
2018-04-16 11:18 - 2018-04-16 11:18 - 000001419 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-16 11:18 - 2018-04-16 11:18 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2018-04-16 11:18 - 2018-04-16 11:18 - 000000000 ____D C:\Users\TEMP\AppData\Local\Google
2018-04-16 11:17 - 2018-04-16 11:17 - 000000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2018-04-16 11:16 - 2018-04-16 11:18 - 000000000 ____D C:\Users\TEMP
2018-04-16 11:16 - 2018-04-16 11:16 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2018-04-16 11:16 - 2010-11-21 00:16 - 000000000 ___HD C:\Users\TEMP\AppData\Roaming\Media Center Programs
2018-04-14 10:51 - 2018-03-30 19:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-14 10:51 - 2018-03-30 19:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-14 10:51 - 2018-03-30 19:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-14 10:51 - 2018-03-30 19:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-14 10:51 - 2018-03-30 19:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-14 10:51 - 2018-03-30 18:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-14 10:51 - 2018-03-30 18:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-14 10:51 - 2018-03-30 18:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-14 10:51 - 2018-03-30 18:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-14 10:51 - 2018-03-30 18:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-14 10:51 - 2018-03-30 18:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-14 10:51 - 2018-03-30 18:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-14 10:51 - 2018-03-30 18:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-14 10:51 - 2018-03-30 18:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-14 10:51 - 2018-03-30 18:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-14 10:51 - 2018-03-30 17:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-14 10:51 - 2018-03-30 17:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-14 10:51 - 2018-03-30 17:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-14 10:51 - 2018-03-28 00:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-14 10:51 - 2018-03-23 11:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-14 10:51 - 2018-03-23 10:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-14 10:51 - 2018-03-22 16:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-14 10:51 - 2018-03-22 14:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-14 10:51 - 2018-03-22 14:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-14 10:51 - 2018-03-22 14:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-14 10:51 - 2018-03-22 14:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-14 10:51 - 2018-03-22 14:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-14 10:51 - 2018-03-22 14:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-14 10:51 - 2018-03-22 14:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-14 10:51 - 2018-03-22 14:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-14 10:51 - 2018-03-22 14:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-14 10:51 - 2018-03-22 14:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-14 10:51 - 2018-03-22 14:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-14 10:51 - 2018-03-22 14:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-14 10:51 - 2018-03-22 14:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-14 10:51 - 2018-03-22 14:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-14 10:51 - 2018-03-22 14:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-14 10:51 - 2018-03-22 13:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-14 10:51 - 2018-03-22 13:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-14 10:51 - 2018-03-22 13:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-14 10:51 - 2018-03-22 13:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-14 10:51 - 2018-03-22 13:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-14 10:51 - 2018-03-22 13:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-14 10:51 - 2018-03-22 13:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-14 10:51 - 2018-03-22 13:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-14 10:51 - 2018-03-22 13:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-14 10:51 - 2018-03-22 13:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-14 10:51 - 2018-03-22 13:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-14 10:51 - 2018-03-22 13:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-14 10:51 - 2018-03-22 13:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-14 10:51 - 2018-03-22 13:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-14 10:51 - 2018-03-22 13:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-14 10:51 - 2018-03-22 13:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-14 10:51 - 2018-03-22 13:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-14 10:51 - 2018-03-22 13:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-14 10:51 - 2018-03-22 13:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-14 10:51 - 2018-03-22 13:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-14 10:51 - 2018-03-22 13:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-14 10:51 - 2018-03-22 13:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-14 10:51 - 2018-03-22 13:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-14 10:51 - 2018-03-22 13:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-14 10:51 - 2018-03-22 13:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-14 10:51 - 2018-03-22 13:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-14 10:51 - 2018-03-22 13:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-14 10:51 - 2018-03-22 13:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-14 10:51 - 2018-03-22 13:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-14 10:51 - 2018-03-22 13:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-14 10:51 - 2018-03-22 13:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-14 10:51 - 2018-03-22 13:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-14 10:51 - 2018-03-22 13:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-14 10:51 - 2018-03-22 13:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-14 10:51 - 2018-03-22 12:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-14 10:51 - 2018-03-22 12:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-14 10:51 - 2018-03-22 12:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-14 10:51 - 2018-03-22 12:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-14 10:51 - 2018-03-10 10:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-14 10:51 - 2018-03-09 11:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-14 10:51 - 2018-03-09 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-14 10:51 - 2018-03-09 11:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-14 10:51 - 2018-03-09 11:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-14 10:51 - 2018-03-09 10:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-14 10:51 - 2018-03-06 11:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-14 10:51 - 2018-03-06 11:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-14 10:51 - 2018-03-06 11:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-14 10:51 - 2018-03-06 11:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-14 10:51 - 2018-03-06 11:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-14 10:51 - 2018-03-06 11:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-12 07:53 - 2018-03-14 10:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-12 07:53 - 2018-03-14 10:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-12 07:53 - 2018-03-14 06:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-12 07:39 - 2018-04-12 07:39 - 000000000 ____D C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-31 13:39 - 2018-03-31 13:40 - 293312529 _____ C:\Users\roe\Downloads\CutYourCravings.com.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 19:07 - 2014-09-11 17:52 - 000000000 ____D C:\FRST
2018-04-16 19:04 - 2015-06-17 18:23 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA.job
2018-04-16 18:48 - 2009-07-13 21:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-16 18:48 - 2009-07-13 21:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-16 17:24 - 2009-07-13 22:13 - 000801124 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 17:24 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-04-16 16:20 - 2012-03-25 19:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-16 15:52 - 2014-09-11 05:19 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-04-16 15:52 - 2013-01-20 12:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-16 11:45 - 2012-01-26 15:06 - 000000376 _____ C:\Windows\ODBC.INI
2018-04-16 11:17 - 2015-03-04 18:24 - 000000000 ____D C:\ProgramData\VMware
2018-04-16 11:16 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-15 23:15 - 2017-05-12 16:42 - 000000000 ____D C:\Users\roe\AppData\Roaming\Yahoo Messenger
2018-04-15 13:37 - 2016-11-18 08:36 - 000000000 ____D C:\Users\roe\AppData\LocalLow\Mozilla
2018-04-15 11:53 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2018-04-15 11:07 - 2012-01-06 09:00 - 000000000 ____D C:\ProgramData\Sonic
2018-04-15 11:04 - 2009-07-13 21:45 - 000424464 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-15 11:00 - 2018-02-15 09:31 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-14 21:55 - 2013-08-14 21:11 - 000000000 ____D C:\Windows\system32\MRT
2018-04-14 21:45 - 2017-10-11 19:47 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-14 21:45 - 2012-01-30 13:26 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-13 08:04 - 2015-06-17 18:23 - 000000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core.job
2018-04-12 07:39 - 2014-10-29 09:12 - 000000000 ____D C:\Users\roe\AppData\Roaming\Dropbox
2018-04-10 16:44 - 2018-03-14 08:50 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 16:44 - 2012-07-30 09:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 16:44 - 2012-07-10 21:55 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 16:44 - 2012-01-26 14:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 16:44 - 2012-01-26 14:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 16:44 - 2012-01-26 14:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-09 07:54 - 2016-11-30 21:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-09 07:54 - 2014-06-09 18:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-08 18:13 - 2017-10-25 17:50 - 000000979 _____ C:\Users\roe\Desktop\PotPlayer 64 bit.lnk
2018-03-31 13:09 - 2013-02-19 10:33 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-28 11:38 - 2015-06-17 18:23 - 000000000 ____D C:\Users\roe\AppData\Local\Dropbox
2018-03-23 20:38 - 2018-02-03 20:28 - 000000000 ____D C:\Users\roe\AppData\Local\JDownloader v2.0
2018-03-23 14:25 - 2012-03-11 19:24 - 000002421 _____ C:\Users\roe\AppData\Roaming\Microsoft\Windows\Sta

Here is the addition file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by roe (16-04-2018 19:26:24)
Running from \\NAS1\media\Applications\Backup material for Dell 4-16-2018
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-26 20:50:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1927623987-4140155028-186429215-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1927623987-4140155028-186429215-1006 - Limited - Enabled)
Guest (S-1-5-21-1927623987-4140155028-186429215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1927623987-4140155028-186429215-1004 - Limited - Enabled)
roe (S-1-5-21-1927623987-4140155028-186429215-1003 - Administrator - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active@ File Recovery 10 (HKLM-x32\...\{3CC0667D-93D8-40F9-8614-1A02C20411BE}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.5.2.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{7A073C16-B3B5-4913-8457-262B6E17947A}) (Version: 2.5.0 - Kovid Goyal)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
ConverterLite 1.6.3 (HKLM-x32\...\ConverterLite) (Version: 1.6.3 - ConverterLite)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Download Manager (HKLM-x32\...\Download Manager) (Version:  - WiseDownloads)
Dropbox (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
DVDFab 8.2.2.6 (25/12/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\Google Chrome SxS) (Version: 67.0.3364.1 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\Google Chrome SxS) (Version: 67.0.3364.1 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
iExplorer (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC)
iExplorer (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malware Hunter Suite version 4.26.12.4815 (HKLM-x32\...\Malware Hunter Suite_is1) (Version: 4.26.12.4815 - Malware Hunter Suite)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Media Player Classic - Home Cinema v1.5.2.3456 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{6E586250-4F69-44AC-8502-153592B01033}) (Version: 8.3.59 - Nero AG)
Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.10667 - Kakao Corp.)
PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8557 - Kakao Corp.)
QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)
QuickBooks Product Listing Service (HKLM-x32\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
Quicken 2008 (HKLM-x32\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.1.24 - Intuit)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
Seagate Manager Installer (HKLM-x32\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SuperBird version 33.0.1750.12 (HKLM-x32\...\{057C6E61-96A1-4502-B00D-E52A5F7E50E9}_is1) (Version: 33.0.1750.12 - )
SupportSoft Agent Controls (HKLM-x32\...\{D0BC2DE7-CA1D-41DA-B096-68695B4AC5C3}) (Version: 1.02.0006 - SupportSoft)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 7.6.64.0 - 2BrightSparks)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.8 - Tweaking.com)
VdhCoApp 1.0.10 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 11.1.0 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.0 - VMware, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.10 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)
WinSCP 3.6.7 (HKLM-x32\...\winscp3_is1) (Version: 3.6.7 - Martin Prikryl)
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
Yahoo Messenger (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Yahoo Messenger (HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
YTD Toolbar v7.0 (HKLM-x32\...\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}) (Version: 7.0 - Spigot, Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2008-02-28] (Nero AG)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers1-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2015-02-06] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2015-02-06] (VMware, Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers4-x32: [DiskInternals_Uneraser] -> {0AF221E8-29B6-46EB-B420-DC696F042596} => C:\Program Files (x86)\DiskInternals\Uneraser\contmenu.dll [2005-01-15] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4-x32: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-31] (Intel Corporation)
ContextMenuHandlers6: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {094959DC-7CD9-4A1C-8B35-4E260D1E22DC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {283BD316-94ED-4DFE-9070-9B29225823E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {29F6B296-E806-4B90-B3CB-63165044C58E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3F6C81A2-8DB0-46A6-9BD6-A4D5D90EABA1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {42020D79-F83E-4349-BA15-5BA0CDD68114} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {75D1F6B4-2CF0-4C70-AB19-09779510C909} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {82C4D4E4-FE1D-40E6-AD64-0D2A21DC912B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A3726D9B-857C-4A7F-AE40-29E83C00B862} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA => C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C25A2164-942F-4F56-8A90-1046C809F03A} - System32\Tasks\{DEBEF7ED-D1E4-4012-B8A4-F292FAA13F50} => C:\Windows\system32\pcalua.exe -a C:\Users\roe\Downloads\mx860swin64102ea24.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CCFC23FA-5A02-4906-AF0A-BF4926D798E1} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe
Task: {D305AEAA-8A84-4B67-85F3-372CDA191CCD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {EF9D38BE-C4D2-433D-A088-764E8D4BE53A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-01] (AVAST Software)
Task: {F89BB78F-7C4D-418C-91CE-AF45EED0E9D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core => C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FA21289F-2D33-48CE-A77E-648428408D0B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core.job => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA.job => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-03-16 16:08 - 2017-03-16 16:08 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-06 19:14 - 2015-02-06 19:14 - 012730048 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2012-01-06 10:23 - 2011-01-27 06:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-04-16 15:52 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-16 15:52 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 000098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-09 20:20 - 2011-10-20 12:47 - 000193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-02-06 19:40 - 2015-02-06 19:40 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-02-06 19:14 - 2015-02-06 19:14 - 000191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-02-06 19:14 - 2015-02-06 19:14 - 000388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-02-06 19:14 - 2015-02-06 19:14 - 000194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:9E00596C [376]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2018-02-14 18:50 - 000002688 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1927623987-4140155028-186429215-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539263\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155601103\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155539909\Control Panel\Desktop\\Wallpaper -> C:\Users\roe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162018155609746\Control Panel\Desktop\\Wallpaper -> C:\Users\roe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightShot => C:\Users\roe\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{02DB270C-5AF2-4BF9-B4F0-404FD13DD03A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{B30759AA-65ED-4FBE-9498-097EA4886014}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{9D8A85E1-9EF9-422C-ADCD-C92D4FECD11D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{90C08369-A3AE-4A46-BCEE-E35B6F2EE440}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F37995A6-9BF9-43F4-B756-456566E30407}] => (Allow) svchost.exe
FirewallRules: [{FE5FD8FE-B3D9-4B77-9CF2-1766E6264195}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A9657E08-4FA3-4B37-9D57-056DF014BD47}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{38E8CFD8-06BA-477A-9E1F-D9230328E1D8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{992FBC1F-6228-4F45-BE31-11050D0D6164}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A6CB0659-71D6-42F0-9000-B4A826D201D8}] => (Allow) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{23EB1640-6664-4E9E-BA0F-FCF1938B8BD2}] => (Allow) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{755F1A47-52F2-465F-ABDB-1A0197B7BE6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D02871FE-A561-4783-BD04-4B3A9FA142C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{95F33A3C-A7D8-440C-888D-F56BF04402B0}C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9AF2E337-7473-4E53-A021-8F219E2C9B3F}C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{344E5DF7-4C11-46B7-926D-6CCD1F87E539}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{1FF7FCC5-B101-43DD-A950-B88D518678DD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{5A2C344F-1CB1-4252-854A-76A3257EA9AC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C981B44F-5458-4C25-9F62-90AAAB85F409}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{C422658C-82B7-4E7E-8B13-029646DC5D81}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{32AF91DB-6F80-41B6-A5AD-B9977A1F9E7A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A5240355-2638-4D00-BF61-4904418BB0B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A62DF2E-90B3-4123-8D69-DCF71E8CFE5E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FEA8979-780D-4CA2-9D3B-3DAADCB8822C}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{DA7DD000-CD19-47BD-AEC5-49873BB35869}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{E5073A2F-89B6-429F-BB7D-BEAB59A3A8C0}\\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe] => (Allow) \\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe
FirewallRules: [UDP Query User{062C3D4A-5A87-41D7-9D07-AFF4DC6B6BD2}\\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe] => (Allow) \\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe
FirewallRules: [TCP Query User{678F1852-101F-4A95-BF22-88F8E444E364}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{E3A941B8-2B5F-4A86-BA49-3A9C7F78DA56}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{E8B96D11-C117-45AC-AB1D-28F1FB18DF28}] => (Allow) C:\Users\roe\AppData\Local\Google\Chrome SxS\Application\chrome.exe
FirewallRules: [{C7D8CDBF-3494-4A37-9745-0F75BF92E796}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F766A6CE-9124-4C55-85FB-1C2E23EC0BC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA79DF5B-2686-4AEB-AD9D-6F36E6BC84AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{298239FD-9806-4630-B292-BE30A63E58EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{287DB61D-E062-4A64-AA3E-D402438CEB09}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DFC1E867-CDD5-4AA6-9FC3-1855EF21CBD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F2953CA2-769D-478B-9F6B-F15741745C42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{505A0864-252F-4B20-A843-EC1AF5824D79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{28818685-50AA-4BA9-970B-23174BF01C6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2ED194ED-D25E-4F01-9A4B-63679F53CD7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

12-04-2018 20:09:13 Windows Update
14-04-2018 21:39:53 Windows Update

==================== Faulty Device Manager Devices =============

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2018 06:30:06 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{6f617495-388c-11e1-8b93-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/16/2018 06:29:46 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Windows Update).

Error: (04/16/2018 06:28:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1927623987-4140155028-186429215-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9366ec5a-0ad9-4cb9-af49-ce081dc11f08}

Error: (04/16/2018 06:23:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1927623987-4140155028-186429215-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9366ec5a-0ad9-4cb9-af49-ce081dc11f08}

Error: (04/16/2018 06:19:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1927623987-4140155028-186429215-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9366ec5a-0ad9-4cb9-af49-ce081dc11f08}

Error: (04/16/2018 06:04:32 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Windows Update).

Error: (04/16/2018 05:54:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1927623987-4140155028-186429215-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {328ebb11-2f6b-4df2-859e-4bdfb9d1db77}

Error: (04/16/2018 11:30:32 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.


System errors:
=============
Error: (04/16/2018 06:30:06 PM) (Source: volsnap) (EventID: 8) (User: )
Description: The flush and hold writes operation on volume C: timed out while waiting for a release writes command.

Error: (04/15/2018 11:16:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/14/2018 09:55:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/13/2018 09:45:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/12/2018 08:10:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/10/2018 08:46:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/10/2018 08:46:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (04/09/2018 08:53:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 50%
Total physical RAM: 6056.63 MB
Available physical RAM: 3002.13 MB
Total Virtual: 12111.43 MB
Available Virtual: 9202.46 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:585.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.11 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 81BD192C)
Partition 1: (Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Any help would be appreciated!  Thank you!




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:26 PM

Posted 17 April 2018 - 03:10 PM

Hi, welcome.

 

Seems that you were unable to log on to your profile, and Windows created a temporary profile for you. Open a command prompt. Copy and paste the following command at the prompt and press Enter.

 

Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s > "%userprofile%\desktop\profile.txt"

 

Post the profile.txt file's contents that will appear on your desktop in your next reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 hw_g


Posted 17 April 2018 - 04:59 PM

Thank you very much for helping me!  Sorry about the multiple posts...the forum kept 'timing out' on me so it looked like it did not post.

 

Here is the file you requested:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    Flags    REG_DWORD    0xc
    State    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    Sid    REG_BINARY    010100000000000512000000
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1927623987-4140155028-186429215-1003
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\roe
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    0105000000000005150000003335E57294C0C5F61FAF1C0BEB030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x2
    RunLogonScriptSync    REG_DWORD    0x0

Thanks!!!



#4 JSntgRvr


Posted 17 April 2018 - 07:09 PM

Seems someone made changes to the registry.

 

There was a profile as:

 

S-1-5-21-1927623987-4140155028-186429215-1003.bak

 

And another as:

 

S-1-5-21-1927623987-4140155028-186429215-1003

 

Now, only the latest is written. Was there a change in Registry?

 

Please post new Frst.txt and addition.txt  logs under this profile and let me know if your desktop has returned.


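The comparison made by eye in the post above (a `.bak` copy of the user's SID key under ProfileList next to the plain SID key, with the session running from `C:\Users\TEMP`) can be run over saved `reg query ... /s` output. This is an added Python example, not part of the thread or of FRST: the function names and finding labels are assumptions, the `HEALTHY` sample is excerpted from the output posted in this thread, and the `BROKEN` sample is constructed.

```python
import re
import struct

# Key lines and value lines as printed by `reg query <key> /s`.
KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\ProfileList(?:\\(?P<sub>.+))?$", re.I)
VAL_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
PAGE_SID = "S-1-5-21-1927623987-4140155028-186429215-1003"            # from the thread
PAGE_SID_HEX = "0105000000000005150000003335E57294C0C5F61FAF1C0BEB030000"  # from the thread


def parse_profile_list(text):
    """Return {subkey_name: {value_name: data}} for each ProfileList subkey."""
    profiles, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        key = KEY_RE.match(line)
        if key:
            sub = key.group("sub")
            # Values on the ProfileList root itself are not per-profile: skip them.
            current = profiles.setdefault(sub, {}) if sub else None
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            current[val.group("name")] = val.group("data")
    return profiles


def decode_sid(hex_blob):
    """Turn the REG_BINARY `Sid` value into its S-R-A-... string form."""
    raw = bytes.fromhex(hex_blob)          # raises ValueError on non-hex input
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # 32-bit, little-endian
    return "S-%d-%d" % (raw[0], authority) + "".join("-%d" % s for s in subs)


def audit(profiles):
    """Return (subkey, label) findings that match the temporary-profile symptom."""
    findings = []
    for name, values in sorted(profiles.items()):
        is_bak = name.lower().endswith(".bak")
        base = name[:-4] if is_bak else name
        if is_bak:
            findings.append((name, "bak-key"))
            if base in profiles:
                findings.append((name, "duplicate-sid"))
        path = values.get("ProfileImagePath", "")
        if path.rstrip("\\").lower().endswith("\\users\\temp"):
            findings.append((name, "temp-path"))
        blob = values.get("Sid")
        if blob:
            try:
                if decode_sid(blob) != base:
                    findings.append((name, "sid-mismatch"))
            except ValueError:
                findings.append((name, "sid-malformed"))
    return findings


# Excerpt of the ProfileList output posted in this thread (state after the fix).
HEALTHY = "\n".join([
    ROOT,
    r"    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users",
    "",
    ROOT + "\\S-1-5-18",
    "    Sid    REG_BINARY    010100000000000512000000",
    r"    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile",
    "",
    ROOT + "\\" + PAGE_SID,
    r"    ProfileImagePath    REG_EXPAND_SZ    C:\Users\roe",
    "    Sid    REG_BINARY    " + PAGE_SID_HEX,
])

# Constructed sample of the earlier state: plain key on the TEMP path, original under .bak.
BROKEN = "\n".join([
    ROOT + "\\" + PAGE_SID,
    r"    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP",
    "    Sid    REG_BINARY    " + PAGE_SID_HEX,
    "",
    ROOT + "\\" + PAGE_SID + ".bak",
    r"    ProfileImagePath    REG_EXPAND_SZ    C:\Users\roe",
    "    Sid    REG_BINARY    " + PAGE_SID_HEX,
])

if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(label, audit(parse_profile_list(sample)))
```

To check a real machine, pass the text of the `profile.txt` written by the `reg query` command earlier in the thread to `parse_profile_list`.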


#5 hw_g


Posted 17 April 2018 - 07:29 PM

There most likely were changes to the registry because I removed some programs like VMware.  I don't use it and was trying to clean off programs that I no longer use and won't use.  I will post new Frst.txt and addition.txt shortly.

 

Thanks!!!



#6 JSntgRvr


Posted 17 April 2018 - 07:49 PM

There was definitely a change in your profile. Is your desktop back?


Edited by JSntgRvr, 17 April 2018 - 07:49 PM.
typo



#7 hw_g


Posted 17 April 2018 - 09:36 PM

Here is FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by roe (administrator) on MININT-VMD2VAN (17-04-2018 19:22:23)
Running from \\NAS1\media\Applications\Backup material for Dell 4-16-2018
Loaded Profiles: roe &  (Available Profiles: roe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Google Inc.) C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dropbox, Inc.) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Yahoo! Inc) C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\Yahoo Messenger.exe
(Dropbox, Inc.) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc) C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\Yahoo Messenger.exe
(Yahoo! Inc) C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\Yahoo Messenger.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) \\NAS1\media\Applications\Backup material for Dell 4-16-2018\FRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2012-10-11]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2012-10-11]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-04-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F5597A09-EA09-4DA6-BA7D-F3C18DB797A3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938161 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145002882 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938379 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145004600 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Handler: ipp - No CLSID Value
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 



#8 hw_g


Posted 17 April 2018 - 09:39 PM

My desktop is back, but still have problems. Computer is bogged down.



#9 JSntgRvr

  • Malware Response Team

Posted 17 April 2018 - 10:50 PM

I am sorry, but the log is incomplete. I need to see both frst.txt and addition.txt.

 

Open FRST64.

  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 

 




#10 hw_g


Posted 17 April 2018 - 10:57 PM

Hmmm, it didn't output an addition...I need to run again.



#11 hw_g


Posted 18 April 2018 - 10:42 AM

OK, had to run again.  Here is FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by roe (administrator) on MININT-VMD2VAN (17-04-2018 21:02:18)
Running from C:\Users\roe\Desktop
Loaded Profiles: roe &  (Available Profiles: roe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Google Inc.) C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dropbox, Inc.) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Yahoo! Inc) C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\Yahoo Messenger.exe
(Dropbox, Inc.) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc) C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\Yahoo Messenger.exe
(Yahoo! Inc) C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\Yahoo Messenger.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\roe\AppData\Local\Google\Update\Install\{3D318380-32A7-456C-84CE-BC1F59701B95}\68.0.3398.0_chrome_installer.exe
(Google Inc.) C:\Users\roe\AppData\Local\Temp\CR_D014A.tmp\setup.exe
(Google Inc.) C:\Users\roe\AppData\Local\Temp\CR_D014A.tmp\setup.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [Dropbox Update] => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [Google Update] => C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [Yahoo Messenger] => C:\Users\roe\AppData\Local\yahoomessenger\update.exe [1532944 2017-01-27] (GitHub)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [Yahoo Messenger Updater] => C:\Users\roe\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-05-12] (Yahoo!, Inc.)
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2012-10-11]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2012-10-11]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-04-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F5597A09-EA09-4DA6-BA7D-F3C18DB797A3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com
hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938161 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145002882 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938379 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145004600 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698 -> DefaultScope {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698 -> {921B0C91-D4D1-47E0-BC6F-6BC968D70D60} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=783055&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Handler: ipp - No CLSID Value
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\roe\AppData\Roaming\Mozilla\Firefox\Profiles\zl6yzdaz.default [2018-04-17]
FF Homepage: Mozilla\Firefox\Profiles\zl6yzdaz.default -> moz-extension://64c47cb3-192e-45fe-9847-1ebc1a93a31b/newtab/newtab.html
FF NewTab: Mozilla\Firefox\Profiles\zl6yzdaz.default -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\zl6yzdaz.default -> Enabled: web@Converter
FF NewTabOverride: Mozilla\Firefox\Profiles\zl6yzdaz.default -> Enabled: web@Converter
FF Extension: (Cryptocat) - C:\Users\roe\AppData\Roaming\Mozilla\Firefox\Profiles\zl6yzdaz.default\Extensions\cryptocat@crypto.cat.xpi [2016-04-28] [Legacy]
FF Extension: (Looking Glass) - C:\Users\roe\AppData\Roaming\Mozilla\Firefox\Profiles\zl6yzdaz.default\Extensions\pug.experience@shield.mozilla.org.xpi [2017-12-13] [Legacy]
FF Extension: (EPUBReader) - C:\Users\roe\AppData\Roaming\Mozilla\Firefox\Profiles\zl6yzdaz.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-01]
FF Extension: (NoScript) - C:\Users\roe\AppData\Roaming\Mozilla\Firefox\Profiles\zl6yzdaz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-04-08]
FF Extension: (Video DownloadHelper) - C:\Users\roe\AppData\Roaming\Mozilla\Firefox\Profiles\zl6yzdaz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-31]
FF SearchPlugin: C:\Users\roe\AppData\Roaming\Mozilla\Firefox\Profiles\zl6yzdaz.default\searchplugins\search provided by bing.xml [2018-02-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-01-26] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-01-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003: @citrixonline.com/appdetectorplugin -> C:\Users\roe\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003: @talk.google.com/O1DPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003: @tools.google.com/Google Update;version=3 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003: @tools.google.com/Google Update;version=9 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720: @citrixonline.com/appdetectorplugin -> C:\Users\roe\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720: @talk.google.com/GoogleTalkPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720: @talk.google.com/O1DPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720: @tools.google.com/Google Update;version=3 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720: @tools.google.com/Google Update;version=9 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698: @citrixonline.com/appdetectorplugin -> C:\Users\roe\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698: @talk.google.com/GoogleTalkPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698: @talk.google.com/O1DPlugin -> C:\Users\roe\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698: @tools.google.com/Google Update;version=3 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698: @tools.google.com/Google Update;version=9 -> C:\Users\roe\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\roe\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-11-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\roe\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\roe\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default [2018-02-13]
CHR Extension: (Slides) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-05]
CHR Extension: (Docs) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-05]
CHR Extension: (Google Drive) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-16]
CHR Extension: (YouTube) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-16]
CHR Extension: (Google Search) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-14]
CHR Extension: (Frame by Frame for YouTube™) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkadbdicdciddfkdpmaolomehalghio [2016-07-02]
CHR Extension: (Sheets) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-14]
CHR Extension: (Chrome Media Router) - C:\Users\roe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-09]
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1927623987-4140155028-186429215-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome Canary.5FNUW2REDWPRAH4USZQPBWQJJY - C:\Users\roe\AppData\Local\Google\Chrome SxS\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-23] (AVG Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-17] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-17] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-09-13] ()
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
U0 aswVmm; no ImagePath
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 imbqnrju; \??\C:\Windows\system32\drivers\imbqnrju.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 21:01 - 2018-04-16 19:03 - 002403328 _____ (Farbar) C:\Users\roe\Desktop\FRST64.exe
2018-04-17 14:55 - 2018-04-17 14:55 - 000001605 _____ C:\Users\roe\Desktop\profile.txt
2018-04-16 16:56 - 2018-04-16 16:58 - 000000000 ____D C:\ProgramData\WRData
2018-04-16 16:18 - 2018-04-16 16:18 - 000001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-16 16:18 - 2018-04-16 16:18 - 000001037 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-04-16 15:52 - 2018-04-17 18:50 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-16 15:52 - 2018-04-17 14:41 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-16 15:52 - 2018-04-17 14:40 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-16 15:52 - 2018-04-17 14:39 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-16 15:52 - 2018-04-17 14:33 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-16 15:52 - 2018-04-16 15:52 - 000001873 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-16 15:52 - 2018-04-16 15:52 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-16 15:52 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-14 10:51 - 2018-03-30 19:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-14 10:51 - 2018-03-30 19:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-14 10:51 - 2018-03-30 19:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-14 10:51 - 2018-03-30 19:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-14 10:51 - 2018-03-30 19:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-14 10:51 - 2018-03-30 18:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-14 10:51 - 2018-03-30 18:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-14 10:51 - 2018-03-30 18:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-14 10:51 - 2018-03-30 18:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 18:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-14 10:51 - 2018-03-30 18:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-14 10:51 - 2018-03-30 18:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-14 10:51 - 2018-03-30 18:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-14 10:51 - 2018-03-30 18:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-14 10:51 - 2018-03-30 18:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-14 10:51 - 2018-03-30 18:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-14 10:51 - 2018-03-30 17:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-14 10:51 - 2018-03-30 17:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-14 10:51 - 2018-03-30 17:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-14 10:51 - 2018-03-30 17:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-14 10:51 - 2018-03-30 17:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-14 10:51 - 2018-03-30 17:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-14 10:51 - 2018-03-28 00:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-14 10:51 - 2018-03-23 11:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-14 10:51 - 2018-03-23 10:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-14 10:51 - 2018-03-22 16:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-14 10:51 - 2018-03-22 14:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-14 10:51 - 2018-03-22 14:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-14 10:51 - 2018-03-22 14:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-14 10:51 - 2018-03-22 14:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-14 10:51 - 2018-03-22 14:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-14 10:51 - 2018-03-22 14:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-14 10:51 - 2018-03-22 14:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-14 10:51 - 2018-03-22 14:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-14 10:51 - 2018-03-22 14:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-14 10:51 - 2018-03-22 14:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-14 10:51 - 2018-03-22 14:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-14 10:51 - 2018-03-22 14:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-14 10:51 - 2018-03-22 14:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-14 10:51 - 2018-03-22 14:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-14 10:51 - 2018-03-22 14:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-14 10:51 - 2018-03-22 14:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-14 10:51 - 2018-03-22 13:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-14 10:51 - 2018-03-22 13:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-14 10:51 - 2018-03-22 13:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-14 10:51 - 2018-03-22 13:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-14 10:51 - 2018-03-22 13:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-14 10:51 - 2018-03-22 13:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-14 10:51 - 2018-03-22 13:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-14 10:51 - 2018-03-22 13:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-14 10:51 - 2018-03-22 13:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-14 10:51 - 2018-03-22 13:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-14 10:51 - 2018-03-22 13:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-14 10:51 - 2018-03-22 13:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-14 10:51 - 2018-03-22 13:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-14 10:51 - 2018-03-22 13:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-14 10:51 - 2018-03-22 13:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-14 10:51 - 2018-03-22 13:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-14 10:51 - 2018-03-22 13:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-14 10:51 - 2018-03-22 13:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-14 10:51 - 2018-03-22 13:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-14 10:51 - 2018-03-22 13:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-14 10:51 - 2018-03-22 13:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-14 10:51 - 2018-03-22 13:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-14 10:51 - 2018-03-22 13:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-14 10:51 - 2018-03-22 13:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-14 10:51 - 2018-03-22 13:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-14 10:51 - 2018-03-22 13:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-14 10:51 - 2018-03-22 13:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-14 10:51 - 2018-03-22 13:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-14 10:51 - 2018-03-22 13:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-14 10:51 - 2018-03-22 13:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-14 10:51 - 2018-03-22 13:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-14 10:51 - 2018-03-22 13:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-14 10:51 - 2018-03-22 13:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-14 10:51 - 2018-03-22 13:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-14 10:51 - 2018-03-22 13:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-14 10:51 - 2018-03-22 13:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-14 10:51 - 2018-03-22 13:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-14 10:51 - 2018-03-22 12:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-14 10:51 - 2018-03-22 12:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-14 10:51 - 2018-03-22 12:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-14 10:51 - 2018-03-22 12:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-14 10:51 - 2018-03-10 10:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-14 10:51 - 2018-03-09 11:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-14 10:51 - 2018-03-09 11:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-14 10:51 - 2018-03-09 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-14 10:51 - 2018-03-09 11:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-14 10:51 - 2018-03-09 11:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-14 10:51 - 2018-03-09 11:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-14 10:51 - 2018-03-09 10:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-14 10:51 - 2018-03-06 11:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-14 10:51 - 2018-03-06 11:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-14 10:51 - 2018-03-06 11:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-14 10:51 - 2018-03-06 11:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-14 10:51 - 2018-03-06 11:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-14 10:51 - 2018-03-06 11:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-14 10:51 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-12 07:53 - 2018-03-14 10:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-12 07:53 - 2018-03-14 10:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-12 07:53 - 2018-03-14 06:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-12 07:53 - 2018-03-14 06:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-12 07:39 - 2018-04-12 07:39 - 000000000 ____D C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-31 13:39 - 2018-03-31 13:40 - 293312529 _____ C:\Users\roe\Downloads\CutYourCravings.com.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 21:47 - 2014-09-11 17:52 - 000030591 _____ C:\Users\roe\Desktop\FRST.txt
2018-04-17 21:04 - 2015-06-17 18:23 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA.job
2018-04-17 19:22 - 2014-09-11 17:52 - 000000000 ____D C:\FRST
2018-04-17 14:48 - 2009-07-13 21:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-17 14:48 - 2009-07-13 21:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-17 14:43 - 2016-11-18 08:36 - 000000000 ____D C:\Users\roe\AppData\LocalLow\Mozilla
2018-04-17 14:41 - 2017-05-12 16:42 - 000000000 ____D C:\Users\roe\AppData\Roaming\Yahoo Messenger
2018-04-17 14:41 - 2012-01-06 09:00 - 000000000 ____D C:\ProgramData\Sonic
2018-04-17 14:40 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-17 14:39 - 2012-01-26 13:51 - 000108608 _____ C:\Users\roe\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-17 14:38 - 2009-07-13 22:08 - 000032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-17 14:37 - 2012-03-25 19:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-17 14:33 - 2013-01-20 12:08 - 000124590 _____ C:\Windows\ntbtlog.txt
2018-04-17 14:32 - 2009-07-13 21:45 - 000424464 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-17 08:04 - 2015-06-17 18:23 - 000000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core.job
2018-04-16 20:20 - 2015-03-04 18:24 - 000000000 ____D C:\ProgramData\VMware
2018-04-16 20:15 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-04-16 17:24 - 2009-07-13 22:13 - 000801124 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 15:52 - 2013-01-20 12:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-16 11:45 - 2012-01-26 15:06 - 000000376 _____ C:\Windows\ODBC.INI
2018-04-15 11:53 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2018-04-15 11:00 - 2018-02-15 09:31 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-14 21:55 - 2013-08-14 21:11 - 000000000 ____D C:\Windows\system32\MRT
2018-04-14 21:45 - 2017-10-11 19:47 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-14 21:45 - 2012-01-30 13:26 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-12 07:39 - 2014-10-29 09:12 - 000000000 ____D C:\Users\roe\AppData\Roaming\Dropbox
2018-04-10 16:44 - 2018-03-14 08:50 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 16:44 - 2012-07-30 09:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 16:44 - 2012-07-10 21:55 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 16:44 - 2012-01-26 14:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 16:44 - 2012-01-26 14:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 16:44 - 2012-01-26 14:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-09 07:54 - 2016-11-30 21:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-09 07:54 - 2014-06-09 18:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-08 18:13 - 2017-10-25 17:50 - 000000979 _____ C:\Users\roe\Desktop\PotPlayer 64 bit.lnk
2018-03-31 13:09 - 2013-02-19 10:33 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-28 11:38 - 2015-06-17 18:23 - 000000000 ____D C:\Users\roe\AppData\Local\Dropbox
2018-03-23 20:38 - 2018-02-03 20:28 - 000000000 ____D C:\Users\roe\AppData\Local\JDownloader v2.0
2018-03-23 14:25 - 2012-03-11 19:24 - 000002421 _____ C:\Users\roe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 14:25 - 2012-03-11 19:24 - 000002384 _____ C:\Users\roe\Desktop\Google Chrome.lnk
2018-03-20 16:57 - 2016-05-15 21:09 - 000002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-20 16:57 - 2016-05-15 21:09 - 000002108 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-02-12 15:55 - 2012-02-12 15:55 - 038808920 _____ (Microsoft Corporation) C:\Users\roe\FileFormatConverters.exe
2012-10-03 20:14 - 2012-07-25 17:29 - 000763041 _____ (                                                            ) C:\Users\roe\AppData\Local\defsea.exe
2012-10-03 20:14 - 2012-08-01 17:57 - 000759908 _____ (                                                            ) C:\Users\roe\AppData\Local\defsea1.exe
2012-04-29 15:14 - 2012-04-29 15:14 - 000000091 _____ () C:\Users\roe\AppData\Local\fusioncache.dat
2012-09-21 16:00 - 2012-09-21 16:00 - 000000003 _____ () C:\Users\roe\AppData\Local\updater.log
2012-09-21 16:00 - 2014-08-11 09:47 - 000000665 _____ () C:\Users\roe\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2018-02-03 20:24 - 2018-02-03 20:24 - 001411636 _____ (Tulofeh                                                     ) C:\Users\roe\AppData\Local\Temp\13162188278645998187.exe
2017-09-19 16:55 - 2017-09-19 16:55 - 000290304 _____ (Microsoft Corporation) C:\Users\roe\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2016-10-29 10:50 - 2016-10-29 10:50 - 000737856 _____ (Oracle Corporation) C:\Users\roe\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-06-30 12:52 - 2016-06-30 12:52 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\roe\AppData\Local\Temp\libeay32.dll
2016-06-30 12:52 - 2016-06-30 12:52 - 000970912 _____ (Microsoft Corporation) C:\Users\roe\AppData\Local\Temp\msvcr120.dll
2018-03-23 20:37 - 2018-03-23 20:37 - 000040448 _____ () C:\Users\roe\AppData\Local\Temp\proxy_vole3374764832993152694.dll
2018-03-23 20:37 - 2018-03-23 20:37 - 000040448 ____N () C:\Users\roe\AppData\Local\Temp\proxy_vole7998529427446338251.dll
2016-06-30 12:52 - 2016-06-30 12:52 - 000772672 _____ () C:\Users\roe\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-04-08 10:49

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by roe (17-04-2018 22:01:59)
Running from C:\Users\roe\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-26 20:50:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1927623987-4140155028-186429215-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1927623987-4140155028-186429215-1006 - Limited - Enabled)
Guest (S-1-5-21-1927623987-4140155028-186429215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1927623987-4140155028-186429215-1004 - Limited - Enabled)
roe (S-1-5-21-1927623987-4140155028-186429215-1003 - Administrator - Enabled) => C:\Users\roe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active@ File Recovery 10 (HKLM-x32\...\{3CC0667D-93D8-40F9-8614-1A02C20411BE}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.5.2.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{7A073C16-B3B5-4913-8457-262B6E17947A}) (Version: 2.5.0 - Kovid Goyal)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
ConverterLite 1.6.3 (HKLM-x32\...\ConverterLite) (Version: 1.6.3 - ConverterLite)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Download Manager (HKLM-x32\...\Download Manager) (Version:  - WiseDownloads)
Dropbox (HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
DVDFab 8.2.2.6 (25/12/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\Google Chrome SxS) (Version: 67.0.3364.1 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\Google Chrome SxS) (Version: 67.0.3364.1 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\Google Chrome SxS) (Version: 67.0.3364.1 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
iExplorer (HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC)
iExplorer (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC)
iExplorer (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malware Hunter Suite version 4.26.12.4815 (HKLM-x32\...\Malware Hunter Suite_is1) (Version: 4.26.12.4815 - Malware Hunter Suite)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Media Player Classic - Home Cinema v1.5.2.3456 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{6E586250-4F69-44AC-8502-153592B01033}) (Version: 8.3.59 - Nero AG)
Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.10667 - Kakao Corp.)
PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8557 - Kakao Corp.)
QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)
QuickBooks Product Listing Service (HKLM-x32\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
Quicken 2008 (HKLM-x32\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.1.24 - Intuit)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
Seagate Manager Installer (HKLM-x32\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SuperBird version 33.0.1750.12 (HKLM-x32\...\{057C6E61-96A1-4502-B00D-E52A5F7E50E9}_is1) (Version: 33.0.1750.12 - )
SupportSoft Agent Controls (HKLM-x32\...\{D0BC2DE7-CA1D-41DA-B096-68695B4AC5C3}) (Version: 1.02.0006 - SupportSoft)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 7.6.64.0 - 2BrightSparks)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.8 - Tweaking.com)
VdhCoApp 1.0.10 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.10 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)
WinSCP 3.6.7 (HKLM-x32\...\winscp3_is1) (Version: 3.6.7 - Martin Prikryl)
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
Yahoo Messenger (HKU\S-1-5-21-1927623987-4140155028-186429215-1003\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Yahoo Messenger (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Yahoo Messenger (HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
YTD Toolbar v7.0 (HKLM-x32\...\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}) (Version: 7.0 - Spigot, Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ContextMenuHandlers1: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2008-02-28] (Nero AG)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers1-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers4-x32: [DiskInternals_Uneraser] -> {0AF221E8-29B6-46EB-B420-DC696F042596} => C:\Program Files (x86)\DiskInternals\Uneraser\contmenu.dll [2005-01-15] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4-x32: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-31] (Intel Corporation)
ContextMenuHandlers6: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-10-20] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-10-20] ()
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers1_S-1-5-21-1927623987-4140155028-186429215-1003-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1927623987-4140155028-186429215-1003-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1927623987-4140155028-186429215-1003-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-09] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {094959DC-7CD9-4A1C-8B35-4E260D1E22DC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {283BD316-94ED-4DFE-9070-9B29225823E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {29F6B296-E806-4B90-B3CB-63165044C58E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3F6C81A2-8DB0-46A6-9BD6-A4D5D90EABA1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {42020D79-F83E-4349-BA15-5BA0CDD68114} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {624C1C99-82C9-4D29-9509-2D9CD345B39E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {75D1F6B4-2CF0-4C70-AB19-09779510C909} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {82C4D4E4-FE1D-40E6-AD64-0D2A21DC912B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A3726D9B-857C-4A7F-AE40-29E83C00B862} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA => C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C25A2164-942F-4F56-8A90-1046C809F03A} - System32\Tasks\{DEBEF7ED-D1E4-4012-B8A4-F292FAA13F50} => C:\Windows\system32\pcalua.exe -a C:\Users\roe\Downloads\mx860swin64102ea24.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CCFC23FA-5A02-4906-AF0A-BF4926D798E1} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe
Task: {D305AEAA-8A84-4B67-85F3-372CDA191CCD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {EF9D38BE-C4D2-433D-A088-764E8D4BE53A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-01] (AVAST Software)
Task: {F89BB78F-7C4D-418C-91CE-AF45EED0E9D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core => C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003Core.job => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1927623987-4140155028-186429215-1003UA.job => C:\Users\roe\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\roe\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2017-03-16 16:08 - 2017-03-16 16:08 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 000098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-09 20:20 - 2011-10-20 12:47 - 000193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-11-10 21:53 - 2010-11-10 21:53 - 000817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2018-04-16 15:52 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-16 15:52 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-01-06 10:23 - 2011-01-27 06:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 000269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 000021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2012-08-18 18:54 - 2012-08-18 18:54 - 000059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 000141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 000176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 000415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 000529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2014-01-16 10:04 - 2014-01-16 10:04 - 000128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 000570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 000042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2018-04-12 07:38 - 2018-04-09 03:17 - 000866120 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-04-12 07:38 - 2018-04-09 03:17 - 002079048 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-04-12 07:38 - 2018-04-09 03:17 - 000100312 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000018896 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\select.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000020808 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000035808 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000694232 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000021856 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000130520 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 001856864 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000022880 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000145880 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000116696 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-04-12 07:38 - 2018-04-09 03:17 - 000105944 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000022872 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000063312 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000024536 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000077120 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000392664 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-04-12 07:38 - 2018-04-09 03:17 - 000020952 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000124888 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000114136 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000392520 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000026464 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000043480 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000024024 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000175576 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000030168 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000026072 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000048600 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000057816 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000021840 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000023376 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000022864 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000066400 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 001798464 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000084944 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\sip.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 001959232 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 003863880 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000155472 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000521544 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000051024 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000043336 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000131400 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000219984 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000204104 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000025440 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000060888 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000054616 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000024024 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000022880 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000028632 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000022368 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000021856 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000022368 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000027496 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000349144 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-04-12 07:38 - 2018-04-09 03:19 - 000023904 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000025432 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-04-12 07:38 - 2018-04-09 03:17 - 000036312 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\librsync.dll
2018-04-12 07:38 - 2018-04-09 03:19 - 000021856 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000181064 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-04-12 07:38 - 2018-04-09 03:19 - 000030544 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000024384 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-04-12 07:38 - 2018-04-09 03:18 - 001638208 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-04-12 07:38 - 2018-04-09 03:19 - 000026464 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000546632 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000359744 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-04-12 07:38 - 2018-04-09 03:18 - 000038216 _____ () C:\Users\roe\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2017-05-12 16:42 - 2017-05-12 16:42 - 001943040 _____ () C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\ffmpeg.dll
2017-05-12 16:42 - 2017-05-12 16:42 - 002263040 _____ () C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\libglesv2.dll
2017-05-12 16:42 - 2017-05-12 16:42 - 000080896 _____ () C:\Users\roe\AppData\Local\yahoomessenger\app-0.8.288\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:9E00596C [376]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2018-02-14 18:50 - 000002688 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1927623987-4140155028-186429215-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\roe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720\Control Panel\Desktop\\Wallpaper -> C:\Users\roe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698\Control Panel\Desktop\\Wallpaper -> C:\Users\roe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\roe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightShot => C:\Users\roe\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{02DB270C-5AF2-4BF9-B4F0-404FD13DD03A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{B30759AA-65ED-4FBE-9498-097EA4886014}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{9D8A85E1-9EF9-422C-ADCD-C92D4FECD11D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{90C08369-A3AE-4A46-BCEE-E35B6F2EE440}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F37995A6-9BF9-43F4-B756-456566E30407}] => (Allow) svchost.exe
FirewallRules: [{FE5FD8FE-B3D9-4B77-9CF2-1766E6264195}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A9657E08-4FA3-4B37-9D57-056DF014BD47}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{38E8CFD8-06BA-477A-9E1F-D9230328E1D8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{992FBC1F-6228-4F45-BE31-11050D0D6164}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A6CB0659-71D6-42F0-9000-B4A826D201D8}] => (Allow) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{23EB1640-6664-4E9E-BA0F-FCF1938B8BD2}] => (Allow) C:\Users\roe\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{755F1A47-52F2-465F-ABDB-1A0197B7BE6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D02871FE-A561-4783-BD04-4B3A9FA142C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{95F33A3C-A7D8-440C-888D-F56BF04402B0}C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9AF2E337-7473-4E53-A021-8F219E2C9B3F}C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\roe\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{C422658C-82B7-4E7E-8B13-029646DC5D81}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{32AF91DB-6F80-41B6-A5AD-B9977A1F9E7A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A5240355-2638-4D00-BF61-4904418BB0B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A62DF2E-90B3-4123-8D69-DCF71E8CFE5E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FEA8979-780D-4CA2-9D3B-3DAADCB8822C}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{DA7DD000-CD19-47BD-AEC5-49873BB35869}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{E5073A2F-89B6-429F-BB7D-BEAB59A3A8C0}\\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe] => (Allow) \\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe
FirewallRules: [UDP Query User{062C3D4A-5A87-41D7-9D07-AFF4DC6B6BD2}\\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe] => (Allow) \\nas1\media\applications\foxit adobe pdf file editor\foxit pdf editor\pdf editor pro v1.4 cracked\pdfedit.exe
FirewallRules: [TCP Query User{678F1852-101F-4A95-BF22-88F8E444E364}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{E3A941B8-2B5F-4A86-BA49-3A9C7F78DA56}C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe] => (Block) C:\users\roe\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{E8B96D11-C117-45AC-AB1D-28F1FB18DF28}] => (Allow) C:\Users\roe\AppData\Local\Google\Chrome SxS\Application\chrome.exe
FirewallRules: [{C7D8CDBF-3494-4A37-9745-0F75BF92E796}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F766A6CE-9124-4C55-85FB-1C2E23EC0BC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA79DF5B-2686-4AEB-AD9D-6F36E6BC84AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{298239FD-9806-4630-B292-BE30A63E58EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{287DB61D-E062-4A64-AA3E-D402438CEB09}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DFC1E867-CDD5-4AA6-9FC3-1855EF21CBD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F2953CA2-769D-478B-9F6B-F15741745C42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{505A0864-252F-4B20-A843-EC1AF5824D79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{28818685-50AA-4BA9-970B-23174BF01C6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2ED194ED-D25E-4F01-9A4B-63679F53CD7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

12-04-2018 20:09:13 Windows Update
14-04-2018 21:39:53 Windows Update

==================== Faulty Device Manager Devices =============

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2018 08:58:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 15.4.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1370

Start Time: 01d3d6bc0c4e625c

Termination Time: 12

Application Path: \\NAS1\media\Applications\Backup material for Dell 4-16-2018\FRST64.exe

Report Id:

Error: (04/17/2018 02:47:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "\\NAS1\media\Fowler Roe\Roe Stuff\Books\esetsmartinstaller_enu (1) 8-20-14.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/17/2018 02:42:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\roe\Desktop\esetsmartinstaller_enu (1) 8-20-14.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/17/2018 02:42:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\roe\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/17/2018 02:39:02 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (04/17/2018 02:38:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x3f4
Faulting application start time: 0x01d3d6943da31df1
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
Report Id: ad9f5d49-4287-11e8-b2f5-d067e51dcf39

Error: (04/17/2018 02:35:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (04/17/2018 02:34:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\roe\Desktop\esetsmartinstaller_enu (1) 8-20-14.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (04/17/2018 03:24:47 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access

    Error Code: 0x80004005

    Error description: Unspecified error

    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Error: (04/17/2018 03:19:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (04/17/2018 03:19:30 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {995C996E-D918-4A8C-A302-45719A6F4EA7} as /. The error:
"5"
Happened while starting this command:
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

Error: (04/17/2018 03:19:06 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: On Access

    Error Code: 0x80004005

    Error description: Unspecified error

    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Error: (04/17/2018 02:41:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
An instance of the service is already running.

Error: (04/17/2018 02:41:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:
An instance of the service is already running.

Error: (04/17/2018 02:40:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error:
An instance of the service is already running.

Error: (04/17/2018 02:40:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
An instance of the service is already running.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 42%
Total physical RAM: 6056.63 MB
Available physical RAM: 3498.84 MB
Total Virtual: 12111.43 MB
Available Virtual: 8709.15 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:585.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.11 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 81BD192C)
Partition 1: (Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#12 JSntgRvr

  • Malware Response Team

Posted 18 April 2018 - 07:13 PM

This program is classified as Unwanted due to the adware component:

YTD Toolbar v7.0

I would recommend you remove it from the computer.
  • Highlight the entire content of the quote box below.

Start::
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ContextMenuHandlers1: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} => -> No File
ContextMenuHandlers4-x32: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
(Google Inc.) C:\Users\roe\AppData\Local\Temp\CR_D014A.tmp\setup.exe
(Google Inc.) C:\Users\roe\AppData\Local\Temp\CR_D014A.tmp\setup.exe
2018-02-03 20:24 - 2018-02-03 20:24 - 001411636 _____ (Tulofeh ) C:\Users\roe\AppData\Local\Temp\13162188278645998187.exe
2017-09-19 16:55 - 2017-09-19 16:55 - 000290304 _____ (Microsoft Corporation) C:\Users\roe\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2016-10-29 10:50 - 2016-10-29 10:50 - 000737856 _____ (Oracle Corporation) C:\Users\roe\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-06-30 12:52 - 2016-06-30 12:52 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\roe\AppData\Local\Temp\libeay32.dll
2016-06-30 12:52 - 2016-06-30 12:52 - 000970912 _____ (Microsoft Corporation) C:\Users\roe\AppData\Local\Temp\msvcr120.dll
2018-03-23 20:37 - 2018-03-23 20:37 - 000040448 _____ () C:\Users\roe\AppData\Local\Temp\proxy_vole3374764832993152694.dll
2018-03-23 20:37 - 2018-03-23 20:37 - 000040448 ____N () C:\Users\roe\AppData\Local\Temp\proxy_vole7998529427446338251.dll
2016-06-30 12:52 - 2016-06-30 12:52 - 000772672 _____ () C:\Users\roe\AppData\Local\Temp\sqlite3.dll
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 hw_g


Posted 18 April 2018 - 07:40 PM

YTD Toolbar v7.0 will not delete. It says the path is not found and it is not in the >users>appdata>temp. I think I may have deleted it before, but the icon stays there? I do not see it in the Programs either. However, it is in the control panel to uninstall, but can't do it.

Waiting to post the fixlog when finished.

Thank you very much!



#14 hw_g


Posted 18 April 2018 - 07:46 PM

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by roe (18-04-2018 17:28:32) Run:2
Running from C:\Users\roe\Desktop
Loaded Profiles: roe (Available Profiles: roe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ContextMenuHandlers1: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} => -> No File
ContextMenuHandlers4-x32: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [iSafeRKScan] -> {5411D116-5A37-47D4-B154-5F7FCD9062F0} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
(Google Inc.) C:\Users\roe\AppData\Local\Temp\CR_D014A.tmp\setup.exe
(Google Inc.) C:\Users\roe\AppData\Local\Temp\CR_D014A.tmp\setup.exe
2018-02-03 20:24 - 2018-02-03 20:24 - 001411636 _____ (Tulofeh ) C:\Users\roe\AppData\Local\Temp\13162188278645998187.exe
2017-09-19 16:55 - 2017-09-19 16:55 - 000290304 _____ (Microsoft Corporation) C:\Users\roe\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2016-10-29 10:50 - 2016-10-29 10:50 - 000737856 _____ (Oracle Corporation) C:\Users\roe\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-06-30 12:52 - 2016-06-30 12:52 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\roe\AppData\Local\Temp\libeay32.dll
2016-06-30 12:52 - 2016-06-30 12:52 - 000970912 _____ (Microsoft Corporation) C:\Users\roe\AppData\Local\Temp\msvcr120.dll
2018-03-23 20:37 - 2018-03-23 20:37 - 000040448 _____ () C:\Users\roe\AppData\Local\Temp\proxy_vole3374764832993152694.dll
2018-03-23 20:37 - 2018-03-23 20:37 - 000040448 ____N () C:\Users\roe\AppData\Local\Temp\proxy_vole7998529427446338251.dll
2016-06-30 12:52 - 2016-06-30 12:52 - 000772672 _____ () C:\Users\roe\AppData\Local\Temp\sqlite3.dll
EMPTYTEMP:
Reboot:

*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully
"HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018144938720_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-1927623987-4140155028-186429215-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04172018145006698_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => removed successfully
"HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => removed successfully
"HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => removed successfully
"HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => removed successfully
"HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => removed successfully
"HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => removed successfully
"HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => removed successfully
"HKU\S-1-5-21-1927623987-4140155028-186429215-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => not found
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\roe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\iSafeRKScan => invalid subkey removed.
HKLM\Software\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\iSafeRKScan => invalid subkey removed.
HKLM\Software\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\iSafeRKScan => invalid subkey removed.
HKLM\Software\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
C:\Users\roe\AppData\Local\Temp\CR_D014A.tmp\setup.exe => No running process found
C:\Users\roe\AppData\Local\Temp\CR_D014A.tmp\setup.exe => No running process found
"C:\Users\roe\AppData\Local\Temp\13162188278645998187.exe" => not found
C:\Users\roe\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe => moved successfully
C:\Users\roe\AppData\Local\Temp\jre-8u111-windows-au.exe => moved successfully
C:\Users\roe\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\roe\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\roe\AppData\Local\Temp\proxy_vole3374764832993152694.dll => moved successfully
C:\Users\roe\AppData\Local\Temp\proxy_vole7998529427446338251.dll => moved successfully
C:\Users\roe\AppData\Local\Temp\sqlite3.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27163348 B
Java, Flash, Steam htmlcache => 270280 B
Windows/system/drivers => 156869706 B
Edge => 0 B
Chrome => 1030558052 B
Firefox => 576988486 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 49901 B
systemprofile32 => 49653 B
LocalService => 0 B
NetworkService => 278755293 B
roe => 8781598535 B

RecycleBin => 0 B
EmptyTemp: => 10.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:39:43 ====



#15 JSntgRvr


Posted 18 April 2018 - 07:50 PM

Run RogueKiller and post its report.

There is a blackout on the island. Will be back tomorrow.


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!