Help I have a DNSCHANGER TROJAN



#1
Javamonkey

    Member

I received a couple of phishing scam emails and investigated, and a scam call from someone who says they work for Microsoft and my license is out of date.

I have run Kaspersky Total Security, Windows Defender and Malwarebytes with 0 infections. I called Kaspersky; they instructed me to download a tool to run a report, which I could not save or send. After that my outbound email is erroring out. I also tried to view my DNS server to check and could not open the Cisco software. Something said I was on a proxy server.

Any help would be appreciated; my daughter has to study for a nursing exam. I look forward to your reply.

I am running Windows 10 64-bit, Outlook 2003, cable modem and wifi with multiple Android phones, one laptop, TV, DVD, Wii and a Kindle Fire, if that matters.


Thank you,

Java

#2
RKinner

    Malware Expert


Control Panel, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

  • Get FRST from
    You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system, get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
Javamonkey

    Member


Disregard these scans. I have new ones in the next post.

Sorry for the delay and thanks for your prompt response. Below are the logs. I hope they have not been compromised.

I have noticed weird activity around my network: RalinkLinuxclient, Samsung TV and Ford something or other. I reset the wifi and modem so nothing should be on my network.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by Daniel (administrator) on DANIEL-PC (16-06-2017 10:17:12)
Running from C:\Users\Daniel\AppData\Local\Microsoft\Windows\INetCache\IE\UIOH6R5P
Loaded Profiles: Daniel (Available Profiles: Daniel & Daniel_2 & Cheryl & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\mHotkey.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Creative) C:\Windows\CNYHKey.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The OpenVPN Project) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\openvpn.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Farbar) C:\Users\Daniel\AppData\Local\Microsoft\Windows\INetCache\IE\UIOH6R5P\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [LchDrvKey] => C:\WINDOWS\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\WINDOWS\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [205480 2007-08-30] (Macrovision Corporation)
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2017-03-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-07-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\OldBinaries\bin_qw0zby\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{aeac262f-8c32-4555-b2ac-17f41d8c5fea}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{cfbeb970-56f7-4545-84e6-812b68fdfd2f}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
 
FireFox:
========
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2012-02-21] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-02-21] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-04-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_126.dll [2017-06-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-12-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.103 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2011-05-25] (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
StartMenuInternet: Google Chrome - C:\Users\Daniel_2\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.Cheryl - C:\Users\Cheryl\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-05-25] (NOS Microsystems Ltd.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\WINDOWS\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-21] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520176 2017-04-21] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [168736 2017-06-15] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-21] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-04-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-04-29] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-04-21] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-04-29] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-04-29] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-04-29] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-21] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-04-21] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-16] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 10:16 - 2017-06-16 10:17 - 00000000 ____D C:\FRST
2017-06-16 10:10 - 2017-06-16 10:11 - 02438656 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2017-06-16 10:07 - 2017-06-16 10:07 - 00000000 ____D C:\Users\Daniel\AppData\Local\Comms
2017-06-16 10:02 - 2017-06-16 10:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\MicrosoftEdge
2017-06-16 10:00 - 2017-06-16 10:00 - 00000000 ____D C:\WINDOWS\Panther
2017-06-16 09:49 - 2017-06-16 09:49 - 00002409 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-16 09:49 - 2017-06-16 09:49 - 00000000 ___RD C:\Users\Daniel\OneDrive
2017-06-16 09:46 - 2017-06-16 10:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages
2017-06-16 09:46 - 2017-06-16 09:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\Publishers
2017-06-16 09:45 - 2017-06-16 09:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\ConnectedDevicesPlatform
2017-06-16 09:45 - 2017-06-16 09:45 - 00000000 ____D C:\Users\Daniel\AppData\Local\TileDataLayer
2017-06-15 21:39 - 2015-02-25 14:31 - 00450713 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170615-213957.backup
2017-06-15 21:34 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-06-15 19:54 - 2017-06-15 21:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-15 19:54 - 2017-06-15 19:54 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-06-15 19:54 - 2017-06-15 19:54 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-06-15 19:54 - 2017-06-15 19:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-06-15 19:54 - 2017-06-15 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-06-15 19:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-06-15 19:52 - 2017-06-15 19:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Daniel_2\Downloads\spybot-2.4.exe
2017-06-15 19:27 - 2017-06-16 10:04 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-15 19:27 - 2017-06-15 21:18 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-15 19:27 - 2017-06-15 21:18 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-15 19:27 - 2017-06-15 21:17 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-15 19:27 - 2017-06-15 19:27 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-15 19:26 - 2017-06-15 19:26 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-15 19:26 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-15 19:23 - 2017-06-15 19:23 - 04577221 _____ C:\Users\Daniel_2\Desktop\GSI6_DANIEL-PC_Daniel_06_15_2017_19_12_58.zip
2017-06-15 19:23 - 2017-06-15 19:23 - 00000000 ____D C:\ProgramData\s6vs
2017-06-15 19:18 - 2017-06-15 19:18 - 00000000 ____D C:\ProgramData\s70
2017-06-15 19:18 - 2017-06-15 19:18 - 00000000 ____D C:\ProgramData\s6ts
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s95c
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s90c
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s46c
2017-06-15 19:01 - 2017-06-15 19:01 - 04560291 _____ C:\Users\Daniel\Desktop\GSI6_DANIEL-PC_Daniel_06_15_2017_18_52_42.zip
2017-06-15 19:01 - 2017-06-15 19:01 - 00000000 ____D C:\ProgramData\s8e4
2017-06-15 18:55 - 2017-06-15 18:55 - 00000000 ____D C:\ProgramData\s92s
2017-06-15 18:55 - 2017-06-15 18:55 - 00000000 ____D C:\ProgramData\s7t4
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s6pk
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s3v0
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s1no
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s6vk
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s5rs
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s1is
2017-06-15 18:45 - 2017-06-15 18:45 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (2).zip
2017-06-15 18:44 - 2017-06-15 18:45 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (1).zip
2017-06-15 16:54 - 2017-06-15 16:55 - 64232976 _____ (Malwarebytes ) C:\Users\Daniel_2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092 (1).exe
2017-06-15 16:25 - 2017-06-15 16:28 - 138831128 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\msert (1).exe
2017-06-15 16:08 - 2017-04-21 14:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-15 16:08 - 2017-04-21 14:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-15 16:08 - 2017-04-21 14:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-15 16:08 - 2017-04-21 14:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-15 16:08 - 2017-04-11 11:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-15 16:08 - 2017-04-11 11:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-15 16:08 - 2017-03-15 11:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-15 16:08 - 2017-03-15 11:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-15 13:16 - 2017-06-15 13:16 - 00000468 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mpam-fex64.lnk
2017-06-15 12:20 - 2017-06-15 12:21 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64 (2).exe
2017-06-15 12:06 - 2017-06-15 12:06 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64 (1).exe
2017-06-15 12:05 - 2017-06-15 12:05 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64.exe
2017-06-15 10:51 - 2017-06-15 10:51 - 00004098 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B53B559B-0217-4370-8E56-2C2F05E20BEF}
2017-06-15 10:15 - 2017-06-15 21:33 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-06-15 10:03 - 2017-06-15 10:03 - 00000000 ____D C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-15 09:56 - 2017-06-15 09:56 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 16:01 - 2017-06-14 16:01 - 00000000 ____D C:\ProgramData\s12s
2017-06-14 15:54 - 2017-06-14 15:55 - 02923656 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo5.2.zip
2017-06-14 15:28 - 2017-06-14 15:28 - 00000000 ____D C:\ProgramData\s5p0
2017-06-14 15:23 - 2017-06-14 15:23 - 00000000 ____D C:\ProgramData\sk4
2017-06-14 15:23 - 2017-06-14 15:23 - 00000000 ____D C:\ProgramData\s7rk
2017-06-14 15:20 - 2017-06-14 15:20 - 10583640 _____ (AO Kaspersky Lab) C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (1).exe
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\sd4o
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\s9f8
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\s6r8
2017-06-14 15:16 - 2017-06-15 19:28 - 00000000 ____D C:\Users\Daniel_2\Desktop\New folder
2017-06-14 15:02 - 2017-06-14 15:02 - 00000000 ____D C:\ProgramData\sdg8
2017-06-14 14:56 - 2017-06-14 14:56 - 00000000 ____D C:\ProgramData\sdpc
2017-06-14 14:56 - 2017-06-14 14:56 - 00000000 ____D C:\ProgramData\sauo
2017-06-14 14:53 - 2017-06-14 14:53 - 00000000 ____D C:\ProgramData\s5t8
2017-06-14 14:47 - 2017-06-14 14:47 - 00000000 ____D C:\ProgramData\s6e0
2017-06-14 14:47 - 2017-06-14 14:47 - 00000000 ____D C:\ProgramData\s334
2017-06-14 14:40 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\se9k
2017-06-14 14:40 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\s98c
2017-06-14 14:39 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\scic
2017-06-14 14:39 - 2017-06-14 14:39 - 10583640 _____ (AO Kaspersky Lab) C:\Users\Daniel_2\Downloads\GetSystemInfo6.2.exe
2017-06-14 14:38 - 2017-06-14 14:39 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2.zip
2017-06-14 13:30 - 2017-06-14 13:30 - 00002020 _____ C:\Users\Daniel_2\Desktop\6.8.2017 37748679  Compromised Computer Notification from Cox Communications - DNSChanger.txt
2017-06-14 13:26 - 2017-06-14 13:26 - 00300398 _____ C:\Users\Daniel_2\Desktop\cox-email.pdf
2017-06-14 13:00 - 2017-06-14 13:01 - 138309400 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\msert.exe
2017-06-14 12:39 - 2017-06-03 03:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 12:39 - 2017-06-03 03:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 12:39 - 2017-06-03 03:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 12:39 - 2017-06-03 02:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 12:39 - 2017-06-03 02:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 12:39 - 2017-06-03 02:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 12:39 - 2017-06-03 02:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 12:39 - 2017-06-03 02:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 12:39 - 2017-06-03 02:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 12:39 - 2017-06-03 02:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 12:39 - 2017-06-03 02:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 12:39 - 2017-06-03 02:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 12:39 - 2017-06-03 02:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 12:39 - 2017-06-03 02:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 12:39 - 2017-06-03 02:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 12:39 - 2017-06-03 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 12:39 - 2017-06-03 02:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 12:39 - 2017-06-03 02:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 12:39 - 2017-06-03 02:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 12:39 - 2017-06-03 02:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 12:39 - 2017-06-03 02:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 12:39 - 2017-06-03 02:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 12:39 - 2017-06-03 02:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 12:39 - 2017-06-03 02:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 12:39 - 2017-06-03 02:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 12:39 - 2017-06-03 02:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 12:39 - 2017-06-03 02:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 12:39 - 2017-06-03 02:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 12:39 - 2017-06-03 02:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 12:39 - 2017-06-03 02:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 12:39 - 2017-06-03 02:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 12:39 - 2017-06-03 02:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 12:39 - 2017-06-03 02:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 12:39 - 2017-06-03 02:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 12:39 - 2017-06-03 02:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 12:39 - 2017-06-03 02:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 12:39 - 2017-06-03 02:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 12:39 - 2017-06-03 02:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 12:39 - 2017-06-03 02:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 12:39 - 2017-06-03 01:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 12:39 - 2017-06-03 01:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 12:39 - 2017-06-03 01:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 12:39 - 2017-06-03 01:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 12:39 - 2017-06-03 01:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 12:39 - 2017-03-03 23:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 12:39 - 2016-09-06 21:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 12:38 - 2017-06-03 03:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 12:38 - 2017-06-03 03:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 12:38 - 2017-06-03 03:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 12:38 - 2017-06-03 03:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 12:38 - 2017-06-03 03:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 12:38 - 2017-06-03 03:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 12:38 - 2017-06-03 03:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 12:38 - 2017-06-03 02:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 12:38 - 2017-06-03 02:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 12:38 - 2017-06-03 02:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 12:38 - 2017-06-03 02:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 12:38 - 2017-06-03 02:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 12:38 - 2017-06-03 02:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 12:38 - 2017-06-03 02:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 12:38 - 2017-06-03 02:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 12:38 - 2017-06-03 02:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 12:38 - 2017-06-03 02:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 12:38 - 2017-06-03 02:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 12:38 - 2017-06-03 02:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 12:38 - 2017-06-03 02:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 12:38 - 2017-06-03 02:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 12:38 - 2017-06-03 02:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 12:38 - 2017-06-03 02:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 12:38 - 2017-06-03 02:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 12:38 - 2017-06-03 02:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 12:38 - 2017-06-03 02:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 12:38 - 2017-06-03 02:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 12:38 - 2017-06-03 02:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 12:38 - 2017-06-03 02:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 12:38 - 2017-06-03 02:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 12:38 - 2017-06-03 02:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 12:38 - 2017-06-03 02:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 12:38 - 2017-06-03 02:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 12:38 - 2017-06-03 02:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 12:38 - 2017-06-03 02:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 12:38 - 2017-06-03 02:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 12:38 - 2017-06-03 02:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 12:38 - 2017-06-03 02:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 12:38 - 2017-06-03 02:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 12:38 - 2017-06-03 02:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 12:38 - 2017-06-03 02:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 12:38 - 2017-06-03 02:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 12:38 - 2017-06-03 01:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 12:38 - 2017-06-03 01:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 12:38 - 2017-06-03 01:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 12:38 - 2017-06-03 01:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 12:38 - 2017-06-03 01:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 12:38 - 2017-06-03 01:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 12:38 - 2017-06-03 01:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 12:38 - 2017-06-03 01:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 12:38 - 2017-06-03 01:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 12:38 - 2017-06-03 01:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 12:38 - 2017-06-03 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 12:38 - 2017-06-03 01:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 12:38 - 2017-06-03 01:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 12:38 - 2017-06-02 23:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 12:38 - 2017-05-24 22:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 12:38 - 2017-03-03 23:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 12:38 - 2017-03-03 23:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 12:38 - 2017-03-03 23:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 12:37 - 2017-06-03 02:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-12 14:09 - 2017-06-12 14:09 - 64232976 _____ (Malwarebytes ) C:\Users\Daniel_2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-12 11:07 - 2017-06-12 11:11 - 00000000 ____D C:\Users\Daniel_2\Desktop\2017-Pics
2017-06-12 09:56 - 2017-06-12 09:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-06-02 14:47 - 2017-06-02 14:48 - 00000000 ____D C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-30 15:04 - 2017-05-30 15:04 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-05-30 15:04 - 2017-05-30 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-05-30 15:03 - 2017-05-30 15:04 - 00000000 ____D C:\Program Files\iTunes
2017-05-30 15:03 - 2017-05-30 15:03 - 00000000 ____D C:\Program Files\iPod
2017-05-30 14:58 - 2017-05-30 14:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-05-30 14:57 - 2017-05-30 14:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-05-22 10:52 - 2017-05-22 10:52 - 04789838 _____ C:\Users\Daniel_2\Desktop\Pentair Partners.pdf
2017-05-22 10:48 - 2017-05-22 10:48 - 00390645 _____ C:\Users\Daniel_2\Desktop\Pool-Dorrado.pdf
2017-05-22 10:48 - 2017-05-22 10:48 - 00000000 ____D C:\Users\Daniel_2\AppData\LocalLow\Temp
2017-05-18 22:17 - 2017-05-18 22:17 - 00166288 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-05-18 22:17 - 2017-05-18 22:17 - 00131984 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-05-17 14:25 - 2017-05-17 14:25 - 00247298 _____ C:\Users\Cheryl\Downloads\{4DC6E3F9-9288-47EB-B830-355D557C4FDD}.pdf
2017-05-17 14:24 - 2017-05-17 14:24 - 00088187 _____ C:\Users\Cheryl\Downloads\{158CEFFD-62FE-47B7-AC0A-4A951AA0C28C}.pdf
2017-05-17 14:24 - 2017-05-17 14:24 - 00076221 _____ C:\Users\Cheryl\Downloads\{BA677973-66F3-44DD-A536-F59D5A450C3E}.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 10:14 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 10:03 - 2012-02-21 12:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-16 09:49 - 2016-10-02 04:15 - 00000000 ____D C:\Users\Daniel
2017-06-16 09:46 - 2015-12-16 20:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 22:55 - 2016-10-02 04:09 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-15 22:27 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-15 22:04 - 2012-07-02 22:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-15 21:34 - 2017-04-21 09:56 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-15 21:24 - 2016-10-02 04:15 - 01377926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 21:18 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-15 21:17 - 2016-10-02 04:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-15 21:16 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-15 19:48 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 19:02 - 2011-03-12 12:50 - 00000000 ____D C:\Users\Daniel\Desktop\New folder
2017-06-15 16:13 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-15 15:44 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-15 14:11 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\registration
2017-06-15 13:28 - 2015-12-20 11:50 - 00000000 ____D C:\WINDOWS\pss
2017-06-15 11:48 - 2011-03-09 11:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics
2017-06-15 10:51 - 2015-02-25 14:29 - 00000000 __SHD C:\Users\Daniel\AppData\Local\EmieUserList
2017-06-15 10:51 - 2015-02-25 14:29 - 00000000 __SHD C:\Users\Daniel\AppData\Local\EmieSiteList
2017-06-15 10:12 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-15 10:04 - 2014-04-13 14:02 - 00000000 ____D C:\Users\Daniel_2\AppData\Roaming\Dropbox
2017-06-15 10:03 - 2015-06-29 14:34 - 00000000 ____D C:\Users\Daniel_2\AppData\Local\Dropbox
2017-06-15 09:58 - 2016-10-02 04:09 - 00223672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-15 09:49 - 2014-04-14 14:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 09:49 - 2014-04-14 14:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 14:59 - 2014-01-07 15:09 - 00001387 _____ C:\Users\Daniel_2\Desktop\Internet Explorer.lnk
2017-06-14 14:59 - 2012-02-29 12:27 - 00002519 _____ C:\Users\Daniel_2\Desktop\Google Chrome.lnk
2017-06-14 14:59 - 2011-02-17 11:03 - 00001383 _____ C:\Users\Daniel_2\Desktop\Internet Explorer (64-bit).lnk
2017-06-14 14:01 - 2014-04-14 15:57 - 00000000 ____D C:\Users\Daniel_2\Desktop\2014-Pics
2017-06-14 13:26 - 2013-08-19 14:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 13:18 - 2011-02-15 21:27 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 13:17 - 2014-04-14 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 12:48 - 2006-11-02 05:34 - 00000275 _____ C:\WINDOWS\win.ini
2017-06-14 12:42 - 2015-12-18 16:15 - 00002415 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-14 12:42 - 2015-12-18 16:15 - 00000000 ___RD C:\Users\Daniel_2\OneDrive
2017-06-14 11:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-14 11:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-12 13:11 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-12 13:11 - 2011-02-15 10:13 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\ProgramData\Samsung
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-06-12 10:35 - 2011-02-15 09:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-12 10:11 - 2014-04-13 12:48 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2017-06-12 10:08 - 2014-04-13 12:52 - 00000000 ____D C:\Program Files\SAMSUNG
2017-06-12 10:04 - 2014-04-13 12:48 - 00000000 ____D C:\Users\Daniel_2\Documents\SelfMV
2017-06-02 23:36 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 23:36 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 14:48 - 2012-12-22 12:55 - 00000000 ____D C:\Users\Cheryl\AppData\Roaming\Dropbox
2017-06-02 14:46 - 2015-06-24 17:53 - 00000000 ____D C:\Users\Cheryl\AppData\Local\Dropbox
2017-05-30 15:04 - 2011-07-20 09:47 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer
2017-05-30 15:02 - 2011-07-13 09:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-05-30 14:57 - 2011-07-13 09:47 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-05-30 14:56 - 2012-12-30 18:32 - 00000000 ____D C:\Users\Daniel_2\Desktop\htc 12-30-12
2017-05-22 10:56 - 2012-02-29 12:27 - 00002527 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2011-03-12 12:37 - 2011-03-12 12:51 - 0000077 _____ () C:\Users\Daniel\AppData\Roaming\Rim.Desktop.Exception.log
2011-03-12 11:55 - 2011-07-01 08:14 - 0002021 _____ () C:\Users\Daniel\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-03 16:16 - 2011-01-04 09:26 - 0076407 _____ () C:\Users\Daniel\AppData\Roaming\Smiley.ico
2011-03-12 12:38 - 2011-03-12 12:38 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-16 09:17 - 2011-02-18 11:27 - 0021315 _____ () C:\Users\Daniel\AppData\Local\HWVendorDetection.log
2012-07-09 15:03 - 2016-07-29 13:20 - 0009456 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2017-06-12 10:06 - 2017-06-12 10:17 - 0066048 _____ () C:\Users\Daniel\AppData\Local\Temp\Execute2App.exe
2017-06-12 10:17 - 2017-06-12 10:17 - 0331264 _____ (TODO: <회사 이름>) C:\Users\Daniel\AppData\Local\Temp\Kies3RemoveAll.exe
2017-06-12 10:06 - 2014-05-07 17:43 - 0568832 _____ (Microsoft Corporation) C:\Users\Daniel\AppData\Local\Temp\msvcp90.dll
2017-06-12 10:06 - 2014-05-07 17:43 - 0655872 _____ (Microsoft Corporation) C:\Users\Daniel\AppData\Local\Temp\msvcr90.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-16 10:00
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Daniel (16-06-2017 10:19:25)
Running from C:\Users\Daniel\AppData\Local\Microsoft\Windows\INetCache\IE\UIOH6R5P
Windows 10 Home Version 1607 (X64) (2016-10-02 11:46:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1459875843-3859104557-3610610433-500 - Administrator - Disabled)
Cheryl (S-1-5-21-1459875843-3859104557-3610610433-1002 - Limited - Enabled) => C:\Users\Cheryl
Daniel (S-1-5-21-1459875843-3859104557-3610610433-1000 - Administrator - Enabled) => C:\Users\Daniel
Daniel_2 (S-1-5-21-1459875843-3859104557-3610610433-1001 - Limited - Enabled) => C:\Users\Daniel_2
DefaultAccount (S-1-5-21-1459875843-3859104557-3610610433-503 - Limited - Disabled)
Guest (S-1-5-21-1459875843-3859104557-3610610433-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.103 - NOS Microsystems Ltd.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.27.17 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.26.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 13.5 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\...\MyFreeCodec) (Version:  - )
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PS_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Pure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00CEAAFB-AEC9-4978-976A-586E6563D59B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {02213FD6-60D8-457B-89F3-A60AC7442549} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {03B6334A-6BE5-4E4F-867B-5679ADDA8083} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {09F2325D-59CB-464B-BE25-3685ABA4DF9D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {172722BA-B6B5-431B-844E-44E5E737C28C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C979D42-756E-497B-B2BC-D350FCF4B784} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {29BB3931-56E9-40CF-AB95-0B259ADDC873} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2E790289-858D-4F2D-ADDE-1A748A39A106} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {2FF3C4C7-EB54-45B3-8B32-BC8404481209} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {31D87257-9357-41F2-A4B7-87EA9F2C5546} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34001681-BBF0-478A-85F5-48E5B7B5CF95} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3615A49D-A61A-45BC-A592-712EE2559A57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {377A66EC-7279-4521-87CE-891048DE0B14} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {388F9F29-88F1-4D75-9D92-2D4647ECAB84} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CE9EB16-0B12-42A6-9A2F-9A5C5A502097} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3D3D461E-7C93-4176-A48F-D024C8515929} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E2C178C-11F7-4DE2-8A47-186BD961B494} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {3E8F5E01-DBAC-4DB5-83FD-BA8525468515} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {455ED4FC-2A18-4297-B7E5-2658D5F092D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {46B43F4E-8A35-477A-96EF-7BFBD8072C00} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {4C07A74D-1C39-4BEC-A48A-DA3F179196D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {50A93176-A9EB-4C6F-9345-2BF1C352FAA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {52DC586D-B8BD-48F3-BE92-C7AB25FAC819} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d262d764b28348 => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {544CA68F-9B0F-4DFA-BBE6-FDAA42BA3DA4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5746F87C-CD37-499B-9457-6CA7B5488BA6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58483233-A679-4CFD-A4E1-9B4DAD1F9383} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6B151AC9-0CB6-4ABB-961D-6A6051590871} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2596bbeb2fe6e => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6C6FF72E-C7D3-424A-96AF-1211E845DB0B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6D93B13B-158F-4E19-B2A0-11F9A9CFC01E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {6E274A6E-8A3E-469C-A81D-4D056C43FB7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {6F7580F4-D954-4223-97E7-C3C13B5955F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\WINDOWS\system32\gatherWiredInfo.vbs
Task: {73E98F4D-8F11-4293-B224-886A86279B1B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {743FC4C8-94EB-45CD-AB21-EC24271C0BD0} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Cheryl\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {744AE0B4-EFAA-4AC8-951C-A10E6D7B1399} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76AF196A-28CB-427F-98AF-0A105CFE123F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2596bbe85b1c1 => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7A31E640-84AB-4EDF-B16E-2F6881843424} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F04D7D6-226F-4593-94C5-CC3FD2954F51} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83CF1578-64B1-4086-B435-899720E2325E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {83EFBE05-1046-449F-BC39-75E0AE5A19F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-07-04] (HP Inc.)
Task: {8481A720-1CAC-499B-B272-EA9DA3D1C8D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A7E9D2D-0AA5-4D06-9CEA-D2341C74CBCD} - System32\Tasks\MHotkey => C:\WINDOWS\MHotKey.exe [2008-05-30] ()
Task: {8BF70707-B77D-41AF-A62F-80C6CDAB6435} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2395428366d1 => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {934781AC-7AED-4309-8336-2A3FA8DFD2C2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {94F5741F-D978-4666-9B25-86CB0B648C2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {99118D40-261A-47CC-AD19-03505BBEA8E2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9917A237-AE31-468D-92F6-EED3A47EAC05} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {99764903-67FC-4E31-A6B6-0255EBDEAA4F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0B90252-AED1-4AB3-AD4C-DE211ABC46AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B5E58CB6-F542-40D5-9B6F-AD2B9F1F6646} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-07-04] (HP Inc.)
Task: {B79DB5D9-4017-4FEC-A7AA-7839A649F209} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {BCA81336-74CB-4555-AB2F-21435F0AAE0D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BDD396F9-81BC-44F0-A65E-B16B570859DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d262d76485369e => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C11A29F8-DC60-4968-BF44-7A4EF27D82E9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3AB2B7C-6539-4425-AF65-ED697E5B870A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2395425711ca => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {CBF7A2CB-005A-47D7-9673-D8E13AB4515A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CDC2AB77-412A-44C9-9934-3B7F3CE9B273} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d24e41137fa61c => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-04] (Dropbox, Inc.)
Task: {DB43E39A-2B74-4E73-9DB0-A9DAF0700141} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E09469F7-2445-4EB2-A214-2C160EB57A76} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d24e4112aa0d1e => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-04] (Dropbox, Inc.)
Task: {E0D62EF0-0796-4D0F-8192-141CF2EDFDCD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E6B20F2A-B2D8-4E9B-B3D1-0BDC568CB6AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E8737731-5173-4D77-8202-2683497C7724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\system32\gatherWirelessInfo.vbs
Task: {F0268BDF-3911-4196-9D4F-E864FEBCD24C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F308ACFE-22E8-4EFB-A299-072270A4DB59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {F6B6CF55-FC3E-4783-8930-EEB410DFE153} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7110351-8DE2-4153-9420-0BED6DEA87C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7159B2E-FB79-4F0A-BDAF-CF60832A2FE6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F989708B-D73D-4BA9-AC9B-D36449D63F93} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA9C59DC-9D4C-4916-87E4-9192558CC846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {FC1F4D7C-521F-4089-9BC6-FAAA0185BA2C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d24e4112aa0d1e.job => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d24e41137fa61c.job => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2395425711ca.job => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2395428366d1.job => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core.job => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA.job => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core.job => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA.job => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-15 19:26 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 12:38 - 2017-06-03 03:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2011-02-21 16:06 - 2008-05-30 10:50 - 00581120 _____ () C:\WINDOWS\MHotKey.exe
2017-06-16 09:49 - 2017-06-16 09:49 - 00959168 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-10-02 05:01 - 2016-10-02 05:01 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:00 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:01 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:01 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:01 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 12:38 - 2017-06-03 01:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 12:38 - 2017-06-03 01:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 12:38 - 2017-06-03 01:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2017-06-15 19:54 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-06-15 19:54 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-06-15 19:54 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-06-15 19:54 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-06-15 19:54 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-09-12 23:03 - 2017-04-21 10:21 - 01359456 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\KasperskyLab.Ksde.NativeInterop.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2017-06-16 09:48 - 2017-06-16 09:48 - 00679624 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Daniel_2\Desktop\vr4qph.jpg:com.dropbox.attributes [322]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7936 more sites.
 
There are 7937 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:34 - 2017-06-15 21:39 - 00454552 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
There are 15600 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Local\Microsoft\Windows\Themes\img6.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{802E1D9D-6DC8-4A5F-A996-5CD679BED14F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{244529DB-60CB-4042-8C8E-DE606F7FC383}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0316495F-2E52-49DA-89D2-BE2D96A9134F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9ECFF359-583C-48AC-A921-6E071F106DDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{E179896F-D3B7-4CCD-8359-65BD2A3CA3D9}C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{4C7FEB1A-C735-4BFD-82EB-94C91128CE95}C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{B3AE1F0F-A840-4C44-9342-59313776958C}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4ED76042-82F9-4B66-817C-70BC1A3382ED}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1C0CAB25-5559-4DBF-B777-7C91A55350C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3340EBA9-241B-4223-AAB8-F555C2192552}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C5497E31-CF10-4CEF-8433-72788D90576A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4C982D6E-92D4-4D02-81F5-D7CD9198C38B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A8A4BA28-7BF6-4E33-8B7D-51E2623DD129}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{6E729FE0-7608-4549-BF26-A7F2E99DA6B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EB2C4D7E-143B-4C05-8837-6B46C8A5C01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{74A5ECFB-433B-420B-B3A8-981A054CB117}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{FB9D6429-77E3-4AD8-9C81-D9C3F88AD5FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E5EC9155-F8E3-4E79-9F99-7E7A469425D6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{3A0EE91C-427A-4D73-A66C-BE8618C3E2F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{DD4AC37F-75DE-4C7A-95FA-72B904592BED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{C76B3975-F8D2-4BE3-AFAE-086A7E1DAEC3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{2FA49990-4014-4DEE-B329-A60FE05C4638}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{0C400A04-DFC5-466E-A9A5-AA2BE721C2B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4549F95D-D73C-4FB5-AEF8-BB200493F7CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DADDFAC8-9E23-4E11-81C7-B05C7B5BC704}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{44177B5E-80AA-49EF-B4E6-CC939DA8E3FE}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C486FE1E-F66C-464C-AC78-8677EE3F8E6D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{3D367012-E0D6-463E-B466-5847A2A0E1A0}] => (Allow) C:\Users\Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9DF61F9C-01EB-41D8-BE13-66DABCAC6EE9}] => (Allow) C:\Users\Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AEA13169-B8C0-411A-89AA-30F78C73DD0A}] => (Allow) C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DD4CC8A9-7CB3-4B19-B660-0BF0D932B848}] => (Allow) C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FAA5A98F-94C3-43A8-AA23-4163228E8A74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{785EB0A1-88BA-4412-94B1-12FB6EAAED0E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7D7BACBB-CB42-443A-A88A-3B004543F426}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1ECE6241-5EAD-4D9A-B0C5-C9C698D43683}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{36740342-9B50-423C-B7BB-7948815824EC}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
30-05-2017 14:50:48 Windows Update
06-06-2017 18:13:11 Scheduled Checkpoint
12-06-2017 11:06:17 Windows Update
15-06-2017 16:05:48 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2017 10:09:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 10:01:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 09:53:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 09:51:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 09:47:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel-PC)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 09:46:09 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070091.
 
Error: (06/16/2017 09:43:21 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (06/16/2017 09:43:21 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (06/16/2017 09:43:21 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (06/16/2017 09:43:21 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
 
System errors:
=============
Error: (06/16/2017 10:02:07 AM) (Source: DCOM) (EventID: 10016) (User: Daniel-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user Daniel-PC\Daniel SID (S-1-5-21-1459875843-3859104557-3610610433-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2017 09:46:44 AM) (Source: DCOM) (EventID: 10016) (User: Daniel-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
 and APPID 
{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
 to the user Daniel-PC\Daniel SID (S-1-5-21-1459875843-3859104557-3610610433-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2017 09:45:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2017 09:31:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2017 09:17:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDWSCService service failed to start due to the following error: 
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/15/2017 09:17:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (06/15/2017 09:13:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/15/2017 03:34:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (06/15/2017 03:33:17 PM) (Source: DCOM) (EventID: 10005) (User: Daniel-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/15/2017 03:33:07 PM) (Source: DCOM) (EventID: 10005) (User: Daniel-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
CodeIntegrity:
===================================
  Date: 2017-06-16 10:17:53.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:17:53.577
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:17:53.542
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:17:53.538
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:07:47.932
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-06-16 10:07:47.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-06-16 10:07:47.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-06-16 10:07:46.796
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-06-16 10:07:41.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-06-16 10:07:40.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 55%
Total physical RAM: 4061.17 MB
Available physical RAM: 1798.95 MB
Total Virtual: 8157.17 MB
Available Virtual: 5584.22 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:595.73 GB) (Free:512.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 68AC7C90)
Partition 1: (Active) - (Size=595.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
 
 
 
I look forward to your reply.

Edited by Javamonkey, 16 June 2017 - 04:00 PM.

#4
Javamonkey

    Member

  • Topic Starter
  • 120 posts

Sorry, here are the new scans with the Internet LAN option unchecked.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by Daniel (administrator) on DANIEL-PC (16-06-2017 14:28:55)
Running from C:\Users\Daniel\AppData\Local\Microsoft\Windows\INetCache\IE\UIOH6R5P
Loaded Profiles: Daniel (Available Profiles: Daniel & Daniel_2 & Cheryl & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Windows\mHotkey.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Creative) C:\Windows\CNYHKey.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Daniel\AppData\Local\Microsoft\Windows\INetCache\IE\UIOH6R5P\FRST64 (2).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [LchDrvKey] => C:\WINDOWS\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\WINDOWS\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [205480 2007-08-30] (Macrovision Corporation)
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2017-03-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-07-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\OldBinaries\bin_qw0zby\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{aeac262f-8c32-4555-b2ac-17f41d8c5fea}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{cfbeb970-56f7-4545-84e6-812b68fdfd2f}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
 
FireFox:
========
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2012-02-21] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-02-21] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-04-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_126.dll [2017-06-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-12-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.103 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2011-05-25] (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
StartMenuInternet: Google Chrome - C:\Users\Daniel_2\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.Cheryl - C:\Users\Cheryl\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-05-25] (NOS Microsystems Ltd.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) [File not signed]
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\WINDOWS\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-21] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520176 2017-04-21] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [168736 2017-06-15] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-21] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-04-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-04-29] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-04-21] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-04-29] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-04-29] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-04-29] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-21] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-04-21] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-16] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 10:16 - 2017-06-16 14:28 - 00000000 ____D C:\FRST
2017-06-16 10:10 - 2017-06-16 10:11 - 02438656 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2017-06-16 10:07 - 2017-06-16 10:07 - 00000000 ____D C:\Users\Daniel\AppData\Local\Comms
2017-06-16 10:02 - 2017-06-16 10:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\MicrosoftEdge
2017-06-16 10:00 - 2017-06-16 10:00 - 00000000 ____D C:\WINDOWS\Panther
2017-06-16 09:49 - 2017-06-16 09:49 - 00002409 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-16 09:49 - 2017-06-16 09:49 - 00000000 ___RD C:\Users\Daniel\OneDrive
2017-06-16 09:46 - 2017-06-16 10:31 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages
2017-06-16 09:46 - 2017-06-16 09:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\Publishers
2017-06-16 09:45 - 2017-06-16 13:25 - 00000000 ____D C:\Users\Daniel\AppData\Local\ConnectedDevicesPlatform
2017-06-16 09:45 - 2017-06-16 09:45 - 00000000 ____D C:\Users\Daniel\AppData\Local\TileDataLayer
2017-06-15 21:39 - 2015-02-25 14:31 - 00450713 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170615-213957.backup
2017-06-15 21:34 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-06-15 19:54 - 2017-06-16 10:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-15 19:54 - 2017-06-16 10:31 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-06-15 19:54 - 2017-06-16 10:31 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-06-15 19:54 - 2017-06-16 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-06-15 19:54 - 2017-06-15 19:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-06-15 19:54 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-06-15 19:52 - 2017-06-15 19:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Daniel_2\Downloads\spybot-2.4.exe
2017-06-15 19:27 - 2017-06-16 10:04 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-15 19:27 - 2017-06-15 21:18 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-15 19:27 - 2017-06-15 21:18 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-15 19:27 - 2017-06-15 21:17 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-15 19:27 - 2017-06-15 19:27 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-15 19:26 - 2017-06-15 19:26 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-15 19:26 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-15 19:23 - 2017-06-15 19:23 - 04577221 _____ C:\Users\Daniel_2\Desktop\GSI6_DANIEL-PC_Daniel_06_15_2017_19_12_58.zip
2017-06-15 19:23 - 2017-06-15 19:23 - 00000000 ____D C:\ProgramData\s6vs
2017-06-15 19:18 - 2017-06-15 19:18 - 00000000 ____D C:\ProgramData\s70
2017-06-15 19:18 - 2017-06-15 19:18 - 00000000 ____D C:\ProgramData\s6ts
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s95c
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s90c
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s46c
2017-06-15 19:01 - 2017-06-15 19:01 - 04560291 _____ C:\Users\Daniel\Desktop\GSI6_DANIEL-PC_Daniel_06_15_2017_18_52_42.zip
2017-06-15 19:01 - 2017-06-15 19:01 - 00000000 ____D C:\ProgramData\s8e4
2017-06-15 18:55 - 2017-06-15 18:55 - 00000000 ____D C:\ProgramData\s92s
2017-06-15 18:55 - 2017-06-15 18:55 - 00000000 ____D C:\ProgramData\s7t4
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s6pk
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s3v0
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s1no
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s6vk
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s5rs
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s1is
2017-06-15 18:45 - 2017-06-15 18:45 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (2).zip
2017-06-15 18:44 - 2017-06-15 18:45 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (1).zip
2017-06-15 16:54 - 2017-06-15 16:55 - 64232976 _____ (Malwarebytes ) C:\Users\Daniel_2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092 (1).exe
2017-06-15 16:25 - 2017-06-15 16:28 - 138831128 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\msert (1).exe
2017-06-15 16:08 - 2017-04-21 14:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-15 16:08 - 2017-04-21 14:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-15 16:08 - 2017-04-21 14:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-15 16:08 - 2017-04-21 14:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-15 16:08 - 2017-04-11 11:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-15 16:08 - 2017-04-11 11:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-15 16:08 - 2017-03-15 11:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-15 16:08 - 2017-03-15 11:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-15 13:16 - 2017-06-15 13:16 - 00000468 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mpam-fex64.lnk
2017-06-15 12:20 - 2017-06-15 12:21 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64 (2).exe
2017-06-15 12:06 - 2017-06-15 12:06 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64 (1).exe
2017-06-15 12:05 - 2017-06-15 12:05 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64.exe
2017-06-15 10:51 - 2017-06-16 14:17 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B53B559B-0217-4370-8E56-2C2F05E20BEF}
2017-06-15 10:15 - 2017-06-15 21:33 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-06-15 10:03 - 2017-06-15 10:03 - 00000000 ____D C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-15 09:56 - 2017-06-15 09:56 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 16:01 - 2017-06-14 16:01 - 00000000 ____D C:\ProgramData\s12s
2017-06-14 15:54 - 2017-06-14 15:55 - 02923656 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo5.2.zip
2017-06-14 15:28 - 2017-06-14 15:28 - 00000000 ____D C:\ProgramData\s5p0
2017-06-14 15:23 - 2017-06-14 15:23 - 00000000 ____D C:\ProgramData\sk4
2017-06-14 15:23 - 2017-06-14 15:23 - 00000000 ____D C:\ProgramData\s7rk
2017-06-14 15:20 - 2017-06-14 15:20 - 10583640 _____ (AO Kaspersky Lab) C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (1).exe
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\sd4o
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\s9f8
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\s6r8
2017-06-14 15:16 - 2017-06-15 19:28 - 00000000 ____D C:\Users\Daniel_2\Desktop\New folder
2017-06-14 15:02 - 2017-06-14 15:02 - 00000000 ____D C:\ProgramData\sdg8
2017-06-14 14:56 - 2017-06-14 14:56 - 00000000 ____D C:\ProgramData\sdpc
2017-06-14 14:56 - 2017-06-14 14:56 - 00000000 ____D C:\ProgramData\sauo
2017-06-14 14:53 - 2017-06-14 14:53 - 00000000 ____D C:\ProgramData\s5t8
2017-06-14 14:47 - 2017-06-14 14:47 - 00000000 ____D C:\ProgramData\s6e0
2017-06-14 14:47 - 2017-06-14 14:47 - 00000000 ____D C:\ProgramData\s334
2017-06-14 14:40 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\se9k
2017-06-14 14:40 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\s98c
2017-06-14 14:39 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\scic
2017-06-14 14:39 - 2017-06-14 14:39 - 10583640 _____ (AO Kaspersky Lab) C:\Users\Daniel_2\Downloads\GetSystemInfo6.2.exe
2017-06-14 14:38 - 2017-06-14 14:39 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2.zip
2017-06-14 13:30 - 2017-06-14 13:30 - 00002020 _____ C:\Users\Daniel_2\Desktop\6.8.2017 37748679  Compromised Computer Notification from Cox Communications - DNSChanger.txt
2017-06-14 13:26 - 2017-06-14 13:26 - 00300398 _____ C:\Users\Daniel_2\Desktop\cox-email.pdf
2017-06-14 13:00 - 2017-06-14 13:01 - 138309400 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\msert.exe
2017-06-14 12:39 - 2017-06-03 03:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 12:39 - 2017-06-03 03:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 12:39 - 2017-06-03 03:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 12:39 - 2017-06-03 02:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 12:39 - 2017-06-03 02:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 12:39 - 2017-06-03 02:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 12:39 - 2017-06-03 02:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 12:39 - 2017-06-03 02:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 12:39 - 2017-06-03 02:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 12:39 - 2017-06-03 02:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 12:39 - 2017-06-03 02:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 12:39 - 2017-06-03 02:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 12:39 - 2017-06-03 02:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 12:39 - 2017-06-03 02:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 12:39 - 2017-06-03 02:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 12:39 - 2017-06-03 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 12:39 - 2017-06-03 02:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 12:39 - 2017-06-03 02:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 12:39 - 2017-06-03 02:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 12:39 - 2017-06-03 02:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 12:39 - 2017-06-03 02:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 12:39 - 2017-06-03 02:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 12:39 - 2017-06-03 02:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 12:39 - 2017-06-03 02:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 12:39 - 2017-06-03 02:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 12:39 - 2017-06-03 02:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 12:39 - 2017-06-03 02:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 12:39 - 2017-06-03 02:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 12:39 - 2017-06-03 02:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 12:39 - 2017-06-03 02:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 12:39 - 2017-06-03 02:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 12:39 - 2017-06-03 02:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 12:39 - 2017-06-03 02:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 12:39 - 2017-06-03 02:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 12:39 - 2017-06-03 02:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 12:39 - 2017-06-03 02:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 12:39 - 2017-06-03 02:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 12:39 - 2017-06-03 02:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 12:39 - 2017-06-03 02:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 12:39 - 2017-06-03 01:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 12:39 - 2017-06-03 01:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 12:39 - 2017-06-03 01:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 12:39 - 2017-06-03 01:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 12:39 - 2017-06-03 01:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 12:39 - 2017-03-03 23:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 12:39 - 2016-09-06 21:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 12:38 - 2017-06-03 03:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 12:38 - 2017-06-03 03:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 12:38 - 2017-06-03 03:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 12:38 - 2017-06-03 03:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 12:38 - 2017-06-03 03:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 12:38 - 2017-06-03 03:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 12:38 - 2017-06-03 03:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 12:38 - 2017-06-03 02:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 12:38 - 2017-06-03 02:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 12:38 - 2017-06-03 02:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 12:38 - 2017-06-03 02:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 12:38 - 2017-06-03 02:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 12:38 - 2017-06-03 02:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 12:38 - 2017-06-03 02:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 12:38 - 2017-06-03 02:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 12:38 - 2017-06-03 02:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 12:38 - 2017-06-03 02:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 12:38 - 2017-06-03 02:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 12:38 - 2017-06-03 02:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 12:38 - 2017-06-03 02:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 12:38 - 2017-06-03 02:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 12:38 - 2017-06-03 02:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 12:38 - 2017-06-03 02:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 12:38 - 2017-06-03 02:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 12:38 - 2017-06-03 02:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 12:38 - 2017-06-03 02:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 12:38 - 2017-06-03 02:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 12:38 - 2017-06-03 02:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 12:38 - 2017-06-03 02:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 12:38 - 2017-06-03 02:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 12:38 - 2017-06-03 02:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 12:38 - 2017-06-03 02:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 12:38 - 2017-06-03 02:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 12:38 - 2017-06-03 02:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 12:38 - 2017-06-03 02:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 12:38 - 2017-06-03 02:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 12:38 - 2017-06-03 02:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 12:38 - 2017-06-03 02:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 12:38 - 2017-06-03 02:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 12:38 - 2017-06-03 02:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 12:38 - 2017-06-03 02:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 12:38 - 2017-06-03 02:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 12:38 - 2017-06-03 01:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 12:38 - 2017-06-03 01:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 12:38 - 2017-06-03 01:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 12:38 - 2017-06-03 01:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 12:38 - 2017-06-03 01:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 12:38 - 2017-06-03 01:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 12:38 - 2017-06-03 01:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 12:38 - 2017-06-03 01:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 12:38 - 2017-06-03 01:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 12:38 - 2017-06-03 01:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 12:38 - 2017-06-03 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 12:38 - 2017-06-03 01:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 12:38 - 2017-06-03 01:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 12:38 - 2017-06-02 23:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 12:38 - 2017-05-24 22:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 12:38 - 2017-03-03 23:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 12:38 - 2017-03-03 23:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 12:38 - 2017-03-03 23:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 12:37 - 2017-06-03 02:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-12 14:09 - 2017-06-12 14:09 - 64232976 _____ (Malwarebytes ) C:\Users\Daniel_2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-12 11:07 - 2017-06-12 11:11 - 00000000 ____D C:\Users\Daniel_2\Desktop\2017-Pics
2017-06-12 09:56 - 2017-06-12 09:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-06-02 14:47 - 2017-06-02 14:48 - 00000000 ____D C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-30 15:04 - 2017-05-30 15:04 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-05-30 15:04 - 2017-05-30 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-05-30 15:03 - 2017-05-30 15:04 - 00000000 ____D C:\Program Files\iTunes
2017-05-30 15:03 - 2017-05-30 15:03 - 00000000 ____D C:\Program Files\iPod
2017-05-30 14:58 - 2017-05-30 14:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-05-30 14:57 - 2017-05-30 14:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-05-22 10:52 - 2017-05-22 10:52 - 04789838 _____ C:\Users\Daniel_2\Desktop\Pentair Partners.pdf
2017-05-22 10:48 - 2017-05-22 10:48 - 00390645 _____ C:\Users\Daniel_2\Desktop\Pool-Dorrado.pdf
2017-05-22 10:48 - 2017-05-22 10:48 - 00000000 ____D C:\Users\Daniel_2\AppData\LocalLow\Temp
2017-05-18 22:17 - 2017-05-18 22:17 - 00166288 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-05-18 22:17 - 2017-05-18 22:17 - 00131984 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-05-17 14:25 - 2017-05-17 14:25 - 00247298 _____ C:\Users\Cheryl\Downloads\{4DC6E3F9-9288-47EB-B830-355D557C4FDD}.pdf
2017-05-17 14:24 - 2017-05-17 14:24 - 00088187 _____ C:\Users\Cheryl\Downloads\{158CEFFD-62FE-47B7-AC0A-4A951AA0C28C}.pdf
2017-05-17 14:24 - 2017-05-17 14:24 - 00076221 _____ C:\Users\Cheryl\Downloads\{BA677973-66F3-44DD-A536-F59D5A450C3E}.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 14:15 - 2012-02-21 12:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-16 13:41 - 2016-10-02 04:15 - 00000000 ____D C:\Users\Daniel
2017-06-16 13:29 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 10:35 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-16 10:31 - 2012-07-02 22:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-16 10:29 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 10:21 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-16 09:46 - 2015-12-16 20:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 22:55 - 2016-10-02 04:09 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-15 22:27 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-15 21:34 - 2017-04-21 09:56 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-15 21:24 - 2016-10-02 04:15 - 01377926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 21:17 - 2016-10-02 04:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-15 21:16 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-15 19:48 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 19:02 - 2011-03-12 12:50 - 00000000 ____D C:\Users\Daniel\Desktop\New folder
2017-06-15 16:13 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-15 15:44 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-15 14:11 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\registration
2017-06-15 13:28 - 2015-12-20 11:50 - 00000000 ____D C:\WINDOWS\pss
2017-06-15 11:48 - 2011-03-09 11:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics
2017-06-15 10:51 - 2015-02-25 14:29 - 00000000 __SHD C:\Users\Daniel\AppData\Local\EmieUserList
2017-06-15 10:51 - 2015-02-25 14:29 - 00000000 __SHD C:\Users\Daniel\AppData\Local\EmieSiteList
2017-06-15 10:04 - 2014-04-13 14:02 - 00000000 ____D C:\Users\Daniel_2\AppData\Roaming\Dropbox
2017-06-15 10:03 - 2015-06-29 14:34 - 00000000 ____D C:\Users\Daniel_2\AppData\Local\Dropbox
2017-06-15 09:58 - 2016-10-02 04:09 - 00223672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-15 09:49 - 2014-04-14 14:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 09:49 - 2014-04-14 14:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 14:59 - 2014-01-07 15:09 - 00001387 _____ C:\Users\Daniel_2\Desktop\Internet Explorer.lnk
2017-06-14 14:59 - 2012-02-29 12:27 - 00002519 _____ C:\Users\Daniel_2\Desktop\Google Chrome.lnk
2017-06-14 14:59 - 2011-02-17 11:03 - 00001383 _____ C:\Users\Daniel_2\Desktop\Internet Explorer (64-bit).lnk
2017-06-14 14:01 - 2014-04-14 15:57 - 00000000 ____D C:\Users\Daniel_2\Desktop\2014-Pics
2017-06-14 13:26 - 2013-08-19 14:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 13:18 - 2011-02-15 21:27 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 13:17 - 2014-04-14 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 12:48 - 2006-11-02 05:34 - 00000275 _____ C:\WINDOWS\win.ini
2017-06-14 12:42 - 2015-12-18 16:15 - 00002415 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-14 12:42 - 2015-12-18 16:15 - 00000000 ___RD C:\Users\Daniel_2\OneDrive
2017-06-14 11:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-14 11:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-12 13:11 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-12 13:11 - 2011-02-15 10:13 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\ProgramData\Samsung
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-06-12 10:35 - 2011-02-15 09:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-12 10:11 - 2014-04-13 12:48 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2017-06-12 10:08 - 2014-04-13 12:52 - 00000000 ____D C:\Program Files\SAMSUNG
2017-06-12 10:04 - 2014-04-13 12:48 - 00000000 ____D C:\Users\Daniel_2\Documents\SelfMV
2017-06-02 23:36 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 23:36 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 14:48 - 2012-12-22 12:55 - 00000000 ____D C:\Users\Cheryl\AppData\Roaming\Dropbox
2017-06-02 14:46 - 2015-06-24 17:53 - 00000000 ____D C:\Users\Cheryl\AppData\Local\Dropbox
2017-05-30 15:04 - 2011-07-20 09:47 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer
2017-05-30 15:02 - 2011-07-13 09:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-05-30 14:57 - 2011-07-13 09:47 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-05-30 14:56 - 2012-12-30 18:32 - 00000000 ____D C:\Users\Daniel_2\Desktop\htc 12-30-12
2017-05-22 10:56 - 2012-02-29 12:27 - 00002527 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2011-03-12 12:37 - 2011-03-12 12:51 - 0000077 _____ () C:\Users\Daniel\AppData\Roaming\Rim.Desktop.Exception.log
2011-03-12 11:55 - 2011-07-01 08:14 - 0002021 _____ () C:\Users\Daniel\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-03 16:16 - 2011-01-04 09:26 - 0076407 _____ () C:\Users\Daniel\AppData\Roaming\Smiley.ico
2011-03-12 12:38 - 2011-03-12 12:38 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-16 09:17 - 2011-02-18 11:27 - 0021315 _____ () C:\Users\Daniel\AppData\Local\HWVendorDetection.log
2012-07-09 15:03 - 2016-07-29 13:20 - 0009456 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2017-06-12 10:06 - 2017-06-12 10:17 - 0066048 _____ () C:\Users\Daniel\AppData\Local\Temp\Execute2App.exe
2017-06-12 10:17 - 2017-06-12 10:17 - 0331264 _____ (TODO: <회사 이름>) C:\Users\Daniel\AppData\Local\Temp\Kies3RemoveAll.exe
2017-06-12 10:06 - 2014-05-07 17:43 - 0568832 _____ (Microsoft Corporation) C:\Users\Daniel\AppData\Local\Temp\msvcp90.dll
2017-06-12 10:06 - 2014-05-07 17:43 - 0655872 _____ (Microsoft Corporation) C:\Users\Daniel\AppData\Local\Temp\msvcr90.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-16 10:00
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Daniel (16-06-2017 14:30:32)
Running from C:\Users\Daniel\AppData\Local\Microsoft\Windows\INetCache\IE\UIOH6R5P
Windows 10 Home Version 1607 (X64) (2016-10-02 11:46:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1459875843-3859104557-3610610433-500 - Administrator - Disabled)
Cheryl (S-1-5-21-1459875843-3859104557-3610610433-1002 - Limited - Enabled) => C:\Users\Cheryl
Daniel (S-1-5-21-1459875843-3859104557-3610610433-1000 - Administrator - Enabled) => C:\Users\Daniel
Daniel_2 (S-1-5-21-1459875843-3859104557-3610610433-1001 - Limited - Enabled) => C:\Users\Daniel_2
DefaultAccount (S-1-5-21-1459875843-3859104557-3610610433-503 - Limited - Disabled)
Guest (S-1-5-21-1459875843-3859104557-3610610433-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.103 - NOS Microsystems Ltd.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.27.17 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.26.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 13.5 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\...\MyFreeCodec) (Version:  - )
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PS_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Pure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00CEAAFB-AEC9-4978-976A-586E6563D59B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {02213FD6-60D8-457B-89F3-A60AC7442549} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {03B6334A-6BE5-4E4F-867B-5679ADDA8083} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {09F2325D-59CB-464B-BE25-3685ABA4DF9D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {172722BA-B6B5-431B-844E-44E5E737C28C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C979D42-756E-497B-B2BC-D350FCF4B784} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {29BB3931-56E9-40CF-AB95-0B259ADDC873} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2E790289-858D-4F2D-ADDE-1A748A39A106} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {2FF3C4C7-EB54-45B3-8B32-BC8404481209} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {31D87257-9357-41F2-A4B7-87EA9F2C5546} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34001681-BBF0-478A-85F5-48E5B7B5CF95} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3615A49D-A61A-45BC-A592-712EE2559A57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {377A66EC-7279-4521-87CE-891048DE0B14} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {388F9F29-88F1-4D75-9D92-2D4647ECAB84} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CE9EB16-0B12-42A6-9A2F-9A5C5A502097} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3D3D461E-7C93-4176-A48F-D024C8515929} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E2C178C-11F7-4DE2-8A47-186BD961B494} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {3E8F5E01-DBAC-4DB5-83FD-BA8525468515} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {455ED4FC-2A18-4297-B7E5-2658D5F092D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {46B43F4E-8A35-477A-96EF-7BFBD8072C00} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {4C07A74D-1C39-4BEC-A48A-DA3F179196D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {50A93176-A9EB-4C6F-9345-2BF1C352FAA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {52DC586D-B8BD-48F3-BE92-C7AB25FAC819} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d262d764b28348 => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {544CA68F-9B0F-4DFA-BBE6-FDAA42BA3DA4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5746F87C-CD37-499B-9457-6CA7B5488BA6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58483233-A679-4CFD-A4E1-9B4DAD1F9383} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6B151AC9-0CB6-4ABB-961D-6A6051590871} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2596bbeb2fe6e => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6C6FF72E-C7D3-424A-96AF-1211E845DB0B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6D93B13B-158F-4E19-B2A0-11F9A9CFC01E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {6E274A6E-8A3E-469C-A81D-4D056C43FB7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {6F7580F4-D954-4223-97E7-C3C13B5955F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\WINDOWS\system32\gatherWiredInfo.vbs
Task: {73E98F4D-8F11-4293-B224-886A86279B1B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {743FC4C8-94EB-45CD-AB21-EC24271C0BD0} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Cheryl\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {744AE0B4-EFAA-4AC8-951C-A10E6D7B1399} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76AF196A-28CB-427F-98AF-0A105CFE123F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2596bbe85b1c1 => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7A31E640-84AB-4EDF-B16E-2F6881843424} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F04D7D6-226F-4593-94C5-CC3FD2954F51} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83CF1578-64B1-4086-B435-899720E2325E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {83EFBE05-1046-449F-BC39-75E0AE5A19F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-07-04] (HP Inc.)
Task: {8481A720-1CAC-499B-B272-EA9DA3D1C8D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A7E9D2D-0AA5-4D06-9CEA-D2341C74CBCD} - System32\Tasks\MHotkey => C:\WINDOWS\MHotKey.exe [2008-05-30] ()
Task: {8BF70707-B77D-41AF-A62F-80C6CDAB6435} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2395428366d1 => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {934781AC-7AED-4309-8336-2A3FA8DFD2C2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {94F5741F-D978-4666-9B25-86CB0B648C2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {99118D40-261A-47CC-AD19-03505BBEA8E2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9917A237-AE31-468D-92F6-EED3A47EAC05} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {99764903-67FC-4E31-A6B6-0255EBDEAA4F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0B90252-AED1-4AB3-AD4C-DE211ABC46AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B5E58CB6-F542-40D5-9B6F-AD2B9F1F6646} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-07-04] (HP Inc.)
Task: {B79DB5D9-4017-4FEC-A7AA-7839A649F209} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {BCA81336-74CB-4555-AB2F-21435F0AAE0D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BDD396F9-81BC-44F0-A65E-B16B570859DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d262d76485369e => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C11A29F8-DC60-4968-BF44-7A4EF27D82E9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3AB2B7C-6539-4425-AF65-ED697E5B870A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2395425711ca => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {CBF7A2CB-005A-47D7-9673-D8E13AB4515A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CDC2AB77-412A-44C9-9934-3B7F3CE9B273} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d24e41137fa61c => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-04] (Dropbox, Inc.)
Task: {DB43E39A-2B74-4E73-9DB0-A9DAF0700141} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E09469F7-2445-4EB2-A214-2C160EB57A76} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d24e4112aa0d1e => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-04] (Dropbox, Inc.)
Task: {E0D62EF0-0796-4D0F-8192-141CF2EDFDCD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E6B20F2A-B2D8-4E9B-B3D1-0BDC568CB6AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E8737731-5173-4D77-8202-2683497C7724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\system32\gatherWirelessInfo.vbs
Task: {F0268BDF-3911-4196-9D4F-E864FEBCD24C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F308ACFE-22E8-4EFB-A299-072270A4DB59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {F6B6CF55-FC3E-4783-8930-EEB410DFE153} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7110351-8DE2-4153-9420-0BED6DEA87C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7159B2E-FB79-4F0A-BDAF-CF60832A2FE6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F989708B-D73D-4BA9-AC9B-D36449D63F93} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA9C59DC-9D4C-4916-87E4-9192558CC846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {FC1F4D7C-521F-4089-9BC6-FAAA0185BA2C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d24e4112aa0d1e.job => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d24e41137fa61c.job => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2395425711ca.job => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2395428366d1.job => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core.job => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA.job => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core.job => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA.job => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-15 19:26 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 12:38 - 2017-06-03 03:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2011-02-21 16:06 - 2008-05-30 10:50 - 00581120 _____ () C:\WINDOWS\MHotKey.exe
2017-06-16 09:49 - 2017-06-16 09:49 - 00959168 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-10-02 05:01 - 2016-10-02 05:01 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:00 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:01 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:01 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:01 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 12:38 - 2017-06-03 01:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 12:38 - 2017-06-03 01:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 12:38 - 2017-06-03 01:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2017-06-15 19:54 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-06-15 19:54 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-06-15 19:54 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-06-15 19:54 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-06-16 09:48 - 2017-06-16 09:48 - 00679624 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\ClientTelemetry.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Daniel_2\Desktop\vr4qph.jpg:com.dropbox.attributes [322]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7936 more sites.
 
There are 7937 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:34 - 2017-06-15 21:39 - 00454552 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
There are 15600 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Local\Microsoft\Windows\Themes\img6.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{802E1D9D-6DC8-4A5F-A996-5CD679BED14F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{244529DB-60CB-4042-8C8E-DE606F7FC383}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0316495F-2E52-49DA-89D2-BE2D96A9134F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9ECFF359-583C-48AC-A921-6E071F106DDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{E179896F-D3B7-4CCD-8359-65BD2A3CA3D9}C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{4C7FEB1A-C735-4BFD-82EB-94C91128CE95}C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{B3AE1F0F-A840-4C44-9342-59313776958C}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4ED76042-82F9-4B66-817C-70BC1A3382ED}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1C0CAB25-5559-4DBF-B777-7C91A55350C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3340EBA9-241B-4223-AAB8-F555C2192552}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C5497E31-CF10-4CEF-8433-72788D90576A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4C982D6E-92D4-4D02-81F5-D7CD9198C38B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A8A4BA28-7BF6-4E33-8B7D-51E2623DD129}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{6E729FE0-7608-4549-BF26-A7F2E99DA6B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EB2C4D7E-143B-4C05-8837-6B46C8A5C01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{74A5ECFB-433B-420B-B3A8-981A054CB117}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{FB9D6429-77E3-4AD8-9C81-D9C3F88AD5FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E5EC9155-F8E3-4E79-9F99-7E7A469425D6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{3A0EE91C-427A-4D73-A66C-BE8618C3E2F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{DD4AC37F-75DE-4C7A-95FA-72B904592BED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{C76B3975-F8D2-4BE3-AFAE-086A7E1DAEC3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{2FA49990-4014-4DEE-B329-A60FE05C4638}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{0C400A04-DFC5-466E-A9A5-AA2BE721C2B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4549F95D-D73C-4FB5-AEF8-BB200493F7CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DADDFAC8-9E23-4E11-81C7-B05C7B5BC704}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{44177B5E-80AA-49EF-B4E6-CC939DA8E3FE}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C486FE1E-F66C-464C-AC78-8677EE3F8E6D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{3D367012-E0D6-463E-B466-5847A2A0E1A0}] => (Allow) C:\Users\Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9DF61F9C-01EB-41D8-BE13-66DABCAC6EE9}] => (Allow) C:\Users\Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AEA13169-B8C0-411A-89AA-30F78C73DD0A}] => (Allow) C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DD4CC8A9-7CB3-4B19-B660-0BF0D932B848}] => (Allow) C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FAA5A98F-94C3-43A8-AA23-4163228E8A74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{785EB0A1-88BA-4412-94B1-12FB6EAAED0E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7D7BACBB-CB42-443A-A88A-3B004543F426}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2F06E08F-69B0-4712-9FF5-22265B87FD63}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{0038FCF1-1B01-472C-8520-C6B958D70E55}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
30-05-2017 14:50:48 Windows Update
06-06-2017 18:13:11 Scheduled Checkpoint
12-06-2017 11:06:17 Windows Update
15-06-2017 16:05:48 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2017 01:26:51 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:51 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:51 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:51 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDResources.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:51 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScanLibrary.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScanLibrary.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:51 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:50 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:50 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:50 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (06/16/2017 01:26:50 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv32.sys".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv32.sys" on line 2.
The manifest file root element must be assembly.
 
 
System errors:
=============
Error: (06/16/2017 02:15:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2017 01:24:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2017 10:33:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/16/2017 10:31:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/16/2017 10:31:16 AM) (Source: DCOM) (EventID: 10016) (User: Daniel-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Daniel-PC\Daniel SID (S-1-5-21-1459875843-3859104557-3610610433-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2017 10:02:07 AM) (Source: DCOM) (EventID: 10016) (User: Daniel-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user Daniel-PC\Daniel SID (S-1-5-21-1459875843-3859104557-3610610433-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2017 09:46:44 AM) (Source: DCOM) (EventID: 10016) (User: Daniel-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
 and APPID 
{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
 to the user Daniel-PC\Daniel SID (S-1-5-21-1459875843-3859104557-3610610433-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2017 09:45:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2017 09:31:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2017 09:17:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDWSCService service failed to start due to the following error: 
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-16 14:29:25.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 14:29:25.712
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 14:29:25.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 14:29:25.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 13:26:51.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:37:52.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:35:25.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:34:19.763
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:33:42.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-16 10:31:19.516
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 52%
Total physical RAM: 4061.17 MB
Available physical RAM: 1938.57 MB
Total Virtual: 8157.17 MB
Available Virtual: 5647.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:595.73 GB) (Free:512.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 68AC7C90)
Partition 1: (Active) - (Size=595.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 

  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 19,624 posts
  • MVP

I don't see anything active but you do have Spybot S&D which is not really good for Win 10.  (Actually it hasn't been good since Win 2000).  Please uninstall it and have it remove any immunizations. 

Also remove Java 7 Update 13.

Hardly any sites require Java so best not to reinstall the latest version unless you know you need it.

You do have some odd folders so let's look at them.  Also there is a file in Temp that looks dangerous.
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   514bytes   58 downloads
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 
 
Run FRST again (after removing Spybot & Java) as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 


#6
Javamonkey

    Member

  • Topic Starter
  • Member
  • 120 posts

Here are the reports you had requested.  I am still getting weird activity on my network like the linkLinuxclient, Full Ford and Samsung-TV popping up.

 Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01

Ran by Daniel (17-06-2017 10:44:48) Run:1
Running from C:\Users\Daniel\Downloads
Loaded Profiles: Daniel & Daniel_2 (Available Profiles: Daniel & Daniel_2 & Cheryl & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: dir /a C:\WINDOWS\UpdateAssistantV2
CMD: dir /a C:\ProgramData\s12s
C:\Users\Daniel\AppData\Local\Temp\Execute2App.exe
C:\Users\Daniel\AppData\Local\Temp\Kies3RemoveAll.exe
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 
*****************
 
 
========= dir /a C:\WINDOWS\UpdateAssistantV2 =========
 
 Volume in drive C has no label.
 Volume Serial Number is 786E-10C9
 
 Directory of C:\WINDOWS\UpdateAssistantV2
 
06/15/2017  09:56 AM    <DIR>          .
06/15/2017  09:56 AM    <DIR>          ..
05/24/2017  07:15 PM         6,394,488 Windows10Upgrade.exe
               1 File(s)      6,394,488 bytes
               2 Dir(s)  546,414,546,944 bytes free
 
========= End of CMD: =========
 
 
========= dir /a C:\ProgramData\s12s =========
 
 Volume in drive C has no label.
 Volume Serial Number is 786E-10C9
 
 Directory of C:\ProgramData\s12s
 
06/14/2017  04:01 PM    <DIR>          .
06/14/2017  04:01 PM    <DIR>          ..
               0 File(s)              0 bytes
               2 Dir(s)  546,414,485,504 bytes free
 
========= End of CMD: =========
 
C:\Users\Daniel\AppData\Local\Temp\Execute2App.exe => moved successfully
C:\Users\Daniel\AppData\Local\Temp\Kies3RemoveAll.exe => moved successfully
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
 
========= End of CMD: =========
 
 
==== End of Fixlog 10:46:54 ====
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by Daniel (administrator) on DANIEL-PC (17-06-2017 10:49:45)
Running from C:\Users\Daniel\Downloads
Loaded Profiles: Daniel & Daniel_2 (Available Profiles: Daniel & Daniel_2 & Cheryl & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Dropbox, Inc.) C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Creative) C:\Windows\CNYHKey.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Windows\mHotkey.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\mHotkey.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Creative) C:\Windows\CNYHKey.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [LchDrvKey] => C:\WINDOWS\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\WINDOWS\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [205480 2007-08-30] (Macrovision Corporation)
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2017-03-03] (Microsoft Corporation)
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [205480 2007-08-30] (Macrovision Corporation)
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\Run: [Google Update] => C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-15] (Google Inc.)
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\Run: [Dropbox Update] => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-04] (Dropbox, Inc.)
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\RunOnce: [Uninstall C:\Users\Daniel_2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daniel_2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\MountPoints2: D - "D:\Setup.exe" 
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2017-03-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-07-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\OldBinaries\bin_qw0zby\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{aeac262f-8c32-4555-b2ac-17f41d8c5fea}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{cfbeb970-56f7-4545-84e6-812b68fdfd2f}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001 -> {2F2D4505-ABF5-4347-BF3E-BFF5F902BA88} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-11] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-21] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001 -> No Name - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} -  No File
Toolbar: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
 
FireFox:
========
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2012-02-21] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-02-21] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-04-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_126.dll [2017-06-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-12-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.103 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2011-05-25] (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1459875843-3859104557-3610610433-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1459875843-3859104557-3610610433-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
StartMenuInternet: Google Chrome - C:\Users\Daniel_2\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.Cheryl - C:\Users\Cheryl\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-05-25] (NOS Microsystems Ltd.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\WINDOWS\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-21] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520176 2017-04-21] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [168736 2017-06-15] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-21] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-04-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-04-29] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-04-21] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-04-29] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-04-29] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-04-29] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-21] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-04-21] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-16] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-17 10:49 - 2017-06-17 10:50 - 00023342 _____ C:\Users\Daniel\Downloads\FRST.txt
2017-06-17 10:44 - 2017-06-17 10:46 - 00001951 _____ C:\Users\Daniel\Downloads\Fixlog.txt
2017-06-16 17:33 - 2017-06-16 17:33 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-06-16 17:32 - 2017-06-16 14:46 - 00454610 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170616-173210.backup
2017-06-16 14:46 - 2017-06-15 21:39 - 00454552 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170616-144616.backup
2017-06-16 10:16 - 2017-06-17 10:49 - 00000000 ____D C:\FRST
2017-06-16 10:10 - 2017-06-16 10:11 - 02438656 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2017-06-16 10:07 - 2017-06-16 10:07 - 00000000 ____D C:\Users\Daniel\AppData\Local\Comms
2017-06-16 10:02 - 2017-06-16 10:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\MicrosoftEdge
2017-06-16 10:00 - 2017-06-16 10:00 - 00000000 ____D C:\WINDOWS\Panther
2017-06-16 09:49 - 2017-06-16 09:49 - 00002409 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-16 09:49 - 2017-06-16 09:49 - 00000000 ___RD C:\Users\Daniel\OneDrive
2017-06-16 09:46 - 2017-06-16 10:31 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages
2017-06-16 09:46 - 2017-06-16 09:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\Publishers
2017-06-16 09:45 - 2017-06-16 13:25 - 00000000 ____D C:\Users\Daniel\AppData\Local\ConnectedDevicesPlatform
2017-06-16 09:45 - 2017-06-16 09:45 - 00000000 ____D C:\Users\Daniel\AppData\Local\TileDataLayer
2017-06-15 21:39 - 2015-02-25 14:31 - 00450713 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170615-213957.backup
2017-06-15 21:34 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-06-15 19:54 - 2017-06-16 17:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-15 19:54 - 2017-06-15 19:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-06-15 19:52 - 2017-06-15 19:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Daniel_2\Downloads\spybot-2.4.exe
2017-06-15 19:27 - 2017-06-16 10:04 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-15 19:27 - 2017-06-15 21:18 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-15 19:27 - 2017-06-15 21:18 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-15 19:27 - 2017-06-15 21:17 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-15 19:27 - 2017-06-15 19:27 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-15 19:26 - 2017-06-15 19:26 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-15 19:26 - 2017-06-15 19:26 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-15 19:26 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-15 19:23 - 2017-06-15 19:23 - 04577221 _____ C:\Users\Daniel_2\Desktop\GSI6_DANIEL-PC_Daniel_06_15_2017_19_12_58.zip
2017-06-15 19:23 - 2017-06-15 19:23 - 00000000 ____D C:\ProgramData\s6vs
2017-06-15 19:18 - 2017-06-15 19:18 - 00000000 ____D C:\ProgramData\s70
2017-06-15 19:18 - 2017-06-15 19:18 - 00000000 ____D C:\ProgramData\s6ts
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s95c
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s90c
2017-06-15 19:12 - 2017-06-15 19:12 - 00000000 ____D C:\ProgramData\s46c
2017-06-15 19:01 - 2017-06-15 19:01 - 04560291 _____ C:\Users\Daniel\Desktop\GSI6_DANIEL-PC_Daniel_06_15_2017_18_52_42.zip
2017-06-15 19:01 - 2017-06-15 19:01 - 00000000 ____D C:\ProgramData\s8e4
2017-06-15 18:55 - 2017-06-15 18:55 - 00000000 ____D C:\ProgramData\s92s
2017-06-15 18:55 - 2017-06-15 18:55 - 00000000 ____D C:\ProgramData\s7t4
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s6pk
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s3v0
2017-06-15 18:52 - 2017-06-15 18:52 - 00000000 ____D C:\ProgramData\s1no
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s6vk
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s5rs
2017-06-15 18:50 - 2017-06-15 18:50 - 00000000 ____D C:\ProgramData\s1is
2017-06-15 18:45 - 2017-06-15 18:45 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (2).zip
2017-06-15 18:44 - 2017-06-15 18:45 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (1).zip
2017-06-15 16:54 - 2017-06-15 16:55 - 64232976 _____ (Malwarebytes ) C:\Users\Daniel_2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092 (1).exe
2017-06-15 16:25 - 2017-06-15 16:28 - 138831128 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\msert (1).exe
2017-06-15 16:08 - 2017-04-21 14:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-15 16:08 - 2017-04-21 14:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-15 16:08 - 2017-04-21 14:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-15 16:08 - 2017-04-21 14:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-15 16:08 - 2017-04-11 11:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-15 16:08 - 2017-04-11 11:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-15 16:08 - 2017-03-15 11:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-15 16:08 - 2017-03-15 11:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-15 13:16 - 2017-06-15 13:16 - 00000468 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mpam-fex64.lnk
2017-06-15 12:20 - 2017-06-15 12:21 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64 (2).exe
2017-06-15 12:06 - 2017-06-15 12:06 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64 (1).exe
2017-06-15 12:05 - 2017-06-15 12:05 - 00892944 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\mssstool64.exe
2017-06-15 10:51 - 2017-06-16 16:20 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B53B559B-0217-4370-8E56-2C2F05E20BEF}
2017-06-15 10:15 - 2017-06-15 21:33 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-06-15 10:03 - 2017-06-15 10:03 - 00000000 ____D C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-15 09:56 - 2017-06-15 09:56 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 16:01 - 2017-06-14 16:01 - 00000000 ____D C:\ProgramData\s12s
2017-06-14 15:54 - 2017-06-14 15:55 - 02923656 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo5.2.zip
2017-06-14 15:28 - 2017-06-14 15:28 - 00000000 ____D C:\ProgramData\s5p0
2017-06-14 15:23 - 2017-06-14 15:23 - 00000000 ____D C:\ProgramData\sk4
2017-06-14 15:23 - 2017-06-14 15:23 - 00000000 ____D C:\ProgramData\s7rk
2017-06-14 15:20 - 2017-06-14 15:20 - 10583640 _____ (AO Kaspersky Lab) C:\Users\Daniel_2\Downloads\GetSystemInfo6.2 (1).exe
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\sd4o
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\s9f8
2017-06-14 15:20 - 2017-06-14 15:20 - 00000000 ____D C:\ProgramData\s6r8
2017-06-14 15:16 - 2017-06-15 19:28 - 00000000 ____D C:\Users\Daniel_2\Desktop\New folder
2017-06-14 15:02 - 2017-06-14 15:02 - 00000000 ____D C:\ProgramData\sdg8
2017-06-14 14:56 - 2017-06-14 14:56 - 00000000 ____D C:\ProgramData\sdpc
2017-06-14 14:56 - 2017-06-14 14:56 - 00000000 ____D C:\ProgramData\sauo
2017-06-14 14:53 - 2017-06-14 14:53 - 00000000 ____D C:\ProgramData\s5t8
2017-06-14 14:47 - 2017-06-14 14:47 - 00000000 ____D C:\ProgramData\s6e0
2017-06-14 14:47 - 2017-06-14 14:47 - 00000000 ____D C:\ProgramData\s334
2017-06-14 14:40 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\se9k
2017-06-14 14:40 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\s98c
2017-06-14 14:39 - 2017-06-14 14:40 - 00000000 ____D C:\ProgramData\scic
2017-06-14 14:39 - 2017-06-14 14:39 - 10583640 _____ (AO Kaspersky Lab) C:\Users\Daniel_2\Downloads\GetSystemInfo6.2.exe
2017-06-14 14:38 - 2017-06-14 14:39 - 10414157 _____ C:\Users\Daniel_2\Downloads\GetSystemInfo6.2.zip
2017-06-14 13:30 - 2017-06-14 13:30 - 00002020 _____ C:\Users\Daniel_2\Desktop\6.8.2017 37748679  Compromised Computer Notification from Cox Communications - DNSChanger.txt
2017-06-14 13:26 - 2017-06-14 13:26 - 00300398 _____ C:\Users\Daniel_2\Desktop\cox-email.pdf
2017-06-14 13:00 - 2017-06-14 13:01 - 138309400 _____ (Microsoft Corporation) C:\Users\Daniel_2\Downloads\msert.exe
2017-06-14 12:39 - 2017-06-03 03:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 12:39 - 2017-06-03 03:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 12:39 - 2017-06-03 03:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 12:39 - 2017-06-03 02:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 12:39 - 2017-06-03 02:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 12:39 - 2017-06-03 02:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 12:39 - 2017-06-03 02:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 12:39 - 2017-06-03 02:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 12:39 - 2017-06-03 02:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 12:39 - 2017-06-03 02:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 12:39 - 2017-06-03 02:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 12:39 - 2017-06-03 02:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 12:39 - 2017-06-03 02:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 12:39 - 2017-06-03 02:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 12:39 - 2017-06-03 02:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 12:39 - 2017-06-03 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 12:39 - 2017-06-03 02:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 12:39 - 2017-06-03 02:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 12:39 - 2017-06-03 02:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 12:39 - 2017-06-03 02:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 12:39 - 2017-06-03 02:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 12:39 - 2017-06-03 02:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 12:39 - 2017-06-03 02:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 12:39 - 2017-06-03 02:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 12:39 - 2017-06-03 02:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 12:39 - 2017-06-03 02:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 12:39 - 2017-06-03 02:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 12:39 - 2017-06-03 02:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 12:39 - 2017-06-03 02:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 12:39 - 2017-06-03 02:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 12:39 - 2017-06-03 02:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 12:39 - 2017-06-03 02:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 12:39 - 2017-06-03 02:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 12:39 - 2017-06-03 02:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 12:39 - 2017-06-03 02:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 12:39 - 2017-06-03 02:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 12:39 - 2017-06-03 02:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 12:39 - 2017-06-03 02:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 12:39 - 2017-06-03 02:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 12:39 - 2017-06-03 02:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 12:39 - 2017-06-03 01:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 12:39 - 2017-06-03 01:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 12:39 - 2017-06-03 01:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 12:39 - 2017-06-03 01:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 12:39 - 2017-06-03 01:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 12:39 - 2017-03-03 23:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 12:39 - 2016-09-06 21:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 12:38 - 2017-06-03 03:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 12:38 - 2017-06-03 03:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 12:38 - 2017-06-03 03:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 12:38 - 2017-06-03 03:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 12:38 - 2017-06-03 03:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 12:38 - 2017-06-03 03:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 12:38 - 2017-06-03 03:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 12:38 - 2017-06-03 03:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 12:38 - 2017-06-03 02:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 12:38 - 2017-06-03 02:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 12:38 - 2017-06-03 02:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 12:38 - 2017-06-03 02:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 12:38 - 2017-06-03 02:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 12:38 - 2017-06-03 02:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 12:38 - 2017-06-03 02:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 12:38 - 2017-06-03 02:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 12:38 - 2017-06-03 02:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 12:38 - 2017-06-03 02:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 12:38 - 2017-06-03 02:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 12:38 - 2017-06-03 02:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 12:38 - 2017-06-03 02:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 12:38 - 2017-06-03 02:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 12:38 - 2017-06-03 02:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 12:38 - 2017-06-03 02:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 12:38 - 2017-06-03 02:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 12:38 - 2017-06-03 02:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 12:38 - 2017-06-03 02:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 12:38 - 2017-06-03 02:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 12:38 - 2017-06-03 02:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 12:38 - 2017-06-03 02:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 12:38 - 2017-06-03 02:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 12:38 - 2017-06-03 02:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 12:38 - 2017-06-03 02:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 12:38 - 2017-06-03 02:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 12:38 - 2017-06-03 02:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 12:38 - 2017-06-03 02:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 12:38 - 2017-06-03 02:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 12:38 - 2017-06-03 02:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 12:38 - 2017-06-03 02:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 12:38 - 2017-06-03 02:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 12:38 - 2017-06-03 02:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 12:38 - 2017-06-03 02:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 12:38 - 2017-06-03 02:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 12:38 - 2017-06-03 02:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 12:38 - 2017-06-03 02:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 12:38 - 2017-06-03 02:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 12:38 - 2017-06-03 02:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 12:38 - 2017-06-03 01:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 12:38 - 2017-06-03 01:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 12:38 - 2017-06-03 01:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 12:38 - 2017-06-03 01:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 12:38 - 2017-06-03 01:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 12:38 - 2017-06-03 01:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 12:38 - 2017-06-03 01:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 12:38 - 2017-06-03 01:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 12:38 - 2017-06-03 01:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 12:38 - 2017-06-03 01:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 12:38 - 2017-06-03 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 12:38 - 2017-06-03 01:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 12:38 - 2017-06-03 01:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 12:38 - 2017-06-03 01:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 12:38 - 2017-06-03 01:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 12:38 - 2017-06-02 23:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 12:38 - 2017-05-24 22:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 12:38 - 2017-03-03 23:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 12:38 - 2017-03-03 23:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 12:38 - 2017-03-03 23:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 12:37 - 2017-06-03 02:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-12 14:09 - 2017-06-12 14:09 - 64232976 _____ (Malwarebytes ) C:\Users\Daniel_2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-12 11:07 - 2017-06-12 11:11 - 00000000 ____D C:\Users\Daniel_2\Desktop\2017-Pics
2017-06-12 09:56 - 2017-06-12 09:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-06-02 14:47 - 2017-06-02 14:48 - 00000000 ____D C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-30 15:04 - 2017-05-30 15:04 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-05-30 15:04 - 2017-05-30 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-05-30 15:03 - 2017-05-30 15:04 - 00000000 ____D C:\Program Files\iTunes
2017-05-30 15:03 - 2017-05-30 15:03 - 00000000 ____D C:\Program Files\iPod
2017-05-30 14:58 - 2017-05-30 14:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-05-30 14:57 - 2017-05-30 14:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-05-22 10:52 - 2017-05-22 10:52 - 04789838 _____ C:\Users\Daniel_2\Desktop\Pentair Partners.pdf
2017-05-22 10:48 - 2017-05-22 10:48 - 00390645 _____ C:\Users\Daniel_2\Desktop\Pool-Dorrado.pdf
2017-05-22 10:48 - 2017-05-22 10:48 - 00000000 ____D C:\Users\Daniel_2\AppData\LocalLow\Temp
2017-05-18 22:17 - 2017-05-18 22:17 - 00166288 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-05-18 22:17 - 2017-05-18 22:17 - 00131984 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-17 10:35 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-17 10:35 - 2012-02-21 12:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-16 17:33 - 2012-07-02 22:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-16 17:19 - 2016-10-02 04:09 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-16 13:41 - 2016-10-02 04:15 - 00000000 ____D C:\Users\Daniel
2017-06-16 10:35 - 2016-07-16 04:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-16 10:29 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 10:21 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-16 09:46 - 2015-12-16 20:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 22:27 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-15 21:34 - 2017-04-21 09:56 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-15 21:24 - 2016-10-02 04:15 - 01377926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 21:17 - 2016-10-02 04:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-15 21:16 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-15 19:48 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 19:02 - 2011-03-12 12:50 - 00000000 ____D C:\Users\Daniel\Desktop\New folder
2017-06-15 16:13 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-15 15:44 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-15 14:11 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\registration
2017-06-15 13:28 - 2015-12-20 11:50 - 00000000 ____D C:\WINDOWS\pss
2017-06-15 11:48 - 2011-03-09 11:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics
2017-06-15 10:51 - 2015-02-25 14:29 - 00000000 __SHD C:\Users\Daniel\AppData\Local\EmieUserList
2017-06-15 10:51 - 2015-02-25 14:29 - 00000000 __SHD C:\Users\Daniel\AppData\Local\EmieSiteList
2017-06-15 10:04 - 2014-04-13 14:02 - 00000000 ____D C:\Users\Daniel_2\AppData\Roaming\Dropbox
2017-06-15 10:03 - 2015-06-29 14:34 - 00000000 ____D C:\Users\Daniel_2\AppData\Local\Dropbox
2017-06-15 09:58 - 2016-10-02 04:09 - 00223672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 09:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-15 09:49 - 2014-04-14 14:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 09:49 - 2014-04-14 14:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 14:59 - 2014-01-07 15:09 - 00001387 _____ C:\Users\Daniel_2\Desktop\Internet Explorer.lnk
2017-06-14 14:59 - 2012-02-29 12:27 - 00002519 _____ C:\Users\Daniel_2\Desktop\Google Chrome.lnk
2017-06-14 14:59 - 2011-02-17 11:03 - 00001383 _____ C:\Users\Daniel_2\Desktop\Internet Explorer (64-bit).lnk
2017-06-14 14:01 - 2014-04-14 15:57 - 00000000 ____D C:\Users\Daniel_2\Desktop\2014-Pics
2017-06-14 13:26 - 2013-08-19 14:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 13:18 - 2011-02-15 21:27 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 13:17 - 2014-04-14 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 12:48 - 2006-11-02 05:34 - 00000275 _____ C:\WINDOWS\win.ini
2017-06-14 12:42 - 2015-12-18 16:15 - 00002415 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-14 12:42 - 2015-12-18 16:15 - 00000000 ___RD C:\Users\Daniel_2\OneDrive
2017-06-14 11:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-14 11:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-12 13:11 - 2016-07-15 23:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-12 13:11 - 2011-02-15 10:13 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\ProgramData\Samsung
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-06-12 10:35 - 2014-04-13 12:23 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-06-12 10:35 - 2011-02-15 09:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-12 10:11 - 2014-04-13 12:48 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2017-06-12 10:08 - 2014-04-13 12:52 - 00000000 ____D C:\Program Files\SAMSUNG
2017-06-12 10:04 - 2014-04-13 12:48 - 00000000 ____D C:\Users\Daniel_2\Documents\SelfMV
2017-06-02 23:36 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 23:36 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 14:48 - 2012-12-22 12:55 - 00000000 ____D C:\Users\Cheryl\AppData\Roaming\Dropbox
2017-06-02 14:46 - 2015-06-24 17:53 - 00000000 ____D C:\Users\Cheryl\AppData\Local\Dropbox
2017-05-30 15:04 - 2011-07-20 09:47 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer
2017-05-30 15:02 - 2011-07-13 09:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-05-30 14:57 - 2011-07-13 09:47 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-05-30 14:56 - 2012-12-30 18:32 - 00000000 ____D C:\Users\Daniel_2\Desktop\htc 12-30-12
2017-05-22 10:56 - 2012-02-29 12:27 - 00002527 _____ C:\Users\Daniel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2011-03-12 12:37 - 2011-03-12 12:51 - 0000077 _____ () C:\Users\Daniel\AppData\Roaming\Rim.Desktop.Exception.log
2011-03-12 11:55 - 2011-07-01 08:14 - 0002021 _____ () C:\Users\Daniel\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-03 16:16 - 2011-01-04 09:26 - 0076407 _____ () C:\Users\Daniel\AppData\Roaming\Smiley.ico
2011-03-12 12:38 - 2011-03-12 12:38 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-16 09:17 - 2011-02-18 11:27 - 0021315 _____ () C:\Users\Daniel\AppData\Local\HWVendorDetection.log
2012-07-09 15:03 - 2016-07-29 13:20 - 0009456 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2017-06-12 10:06 - 2014-05-07 17:43 - 0568832 _____ (Microsoft Corporation) C:\Users\Daniel\AppData\Local\Temp\msvcp90.dll
2017-06-12 10:06 - 2014-05-07 17:43 - 0655872 _____ (Microsoft Corporation) C:\Users\Daniel\AppData\Local\Temp\msvcr90.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-16 10:00
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Daniel (17-06-2017 10:51:21)
Running from C:\Users\Daniel\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-02 11:46:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1459875843-3859104557-3610610433-500 - Administrator - Disabled)
Cheryl (S-1-5-21-1459875843-3859104557-3610610433-1002 - Limited - Enabled) => C:\Users\Cheryl
Daniel (S-1-5-21-1459875843-3859104557-3610610433-1000 - Administrator - Enabled) => C:\Users\Daniel
Daniel_2 (S-1-5-21-1459875843-3859104557-3610610433-1001 - Limited - Enabled) => C:\Users\Daniel_2
DefaultAccount (S-1-5-21-1459875843-3859104557-3610610433-503 - Limited - Disabled)
Guest (S-1-5-21-1459875843-3859104557-3610610433-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.103 - NOS Microsystems Ltd.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.)
Google Chrome (HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.27.17 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.26.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 13.5 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\...\MyFreeCodec) (Version:  - )
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PhotoPad Image Editor (HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\PhotoPad) (Version:  - NCH Software)
PS_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Pure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
VideoPad Video Editor (HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\VideoPad) (Version:  - NCH Software)
WavePad Sound Editor (HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\WavePad) (Version:  - NCH Software)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\...\ChromeHTML: -> C:\Users\Daniel_2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1459875843-3859104557-3610610433-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daniel_2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00CEAAFB-AEC9-4978-976A-586E6563D59B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {02213FD6-60D8-457B-89F3-A60AC7442549} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {03B6334A-6BE5-4E4F-867B-5679ADDA8083} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {09F2325D-59CB-464B-BE25-3685ABA4DF9D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {172722BA-B6B5-431B-844E-44E5E737C28C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C979D42-756E-497B-B2BC-D350FCF4B784} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {29BB3931-56E9-40CF-AB95-0B259ADDC873} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2FF3C4C7-EB54-45B3-8B32-BC8404481209} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {31D87257-9357-41F2-A4B7-87EA9F2C5546} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34001681-BBF0-478A-85F5-48E5B7B5CF95} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3615A49D-A61A-45BC-A592-712EE2559A57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {388F9F29-88F1-4D75-9D92-2D4647ECAB84} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CE9EB16-0B12-42A6-9A2F-9A5C5A502097} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3D3D461E-7C93-4176-A48F-D024C8515929} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E2C178C-11F7-4DE2-8A47-186BD961B494} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {3E8F5E01-DBAC-4DB5-83FD-BA8525468515} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {455ED4FC-2A18-4297-B7E5-2658D5F092D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {46B43F4E-8A35-477A-96EF-7BFBD8072C00} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {4C07A74D-1C39-4BEC-A48A-DA3F179196D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {50A93176-A9EB-4C6F-9345-2BF1C352FAA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {52DC586D-B8BD-48F3-BE92-C7AB25FAC819} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d262d764b28348 => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {544CA68F-9B0F-4DFA-BBE6-FDAA42BA3DA4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5746F87C-CD37-499B-9457-6CA7B5488BA6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58483233-A679-4CFD-A4E1-9B4DAD1F9383} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6B151AC9-0CB6-4ABB-961D-6A6051590871} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2596bbeb2fe6e => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6C6FF72E-C7D3-424A-96AF-1211E845DB0B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6D93B13B-158F-4E19-B2A0-11F9A9CFC01E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {6E274A6E-8A3E-469C-A81D-4D056C43FB7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {6F7580F4-D954-4223-97E7-C3C13B5955F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\WINDOWS\system32\gatherWiredInfo.vbs
Task: {73E98F4D-8F11-4293-B224-886A86279B1B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {743FC4C8-94EB-45CD-AB21-EC24271C0BD0} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Cheryl\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {744AE0B4-EFAA-4AC8-951C-A10E6D7B1399} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76AF196A-28CB-427F-98AF-0A105CFE123F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2596bbe85b1c1 => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7A31E640-84AB-4EDF-B16E-2F6881843424} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F04D7D6-226F-4593-94C5-CC3FD2954F51} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83CF1578-64B1-4086-B435-899720E2325E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {83EFBE05-1046-449F-BC39-75E0AE5A19F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-07-04] (HP Inc.)
Task: {8481A720-1CAC-499B-B272-EA9DA3D1C8D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A7E9D2D-0AA5-4D06-9CEA-D2341C74CBCD} - System32\Tasks\MHotkey => C:\WINDOWS\MHotKey.exe [2008-05-30] ()
Task: {8BF70707-B77D-41AF-A62F-80C6CDAB6435} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2395428366d1 => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {934781AC-7AED-4309-8336-2A3FA8DFD2C2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {94F5741F-D978-4666-9B25-86CB0B648C2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {99118D40-261A-47CC-AD19-03505BBEA8E2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9917A237-AE31-468D-92F6-EED3A47EAC05} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {99764903-67FC-4E31-A6B6-0255EBDEAA4F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0B90252-AED1-4AB3-AD4C-DE211ABC46AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B5E58CB6-F542-40D5-9B6F-AD2B9F1F6646} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-07-04] (HP Inc.)
Task: {B79DB5D9-4017-4FEC-A7AA-7839A649F209} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {BCA81336-74CB-4555-AB2F-21435F0AAE0D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BDD396F9-81BC-44F0-A65E-B16B570859DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d262d76485369e => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C11A29F8-DC60-4968-BF44-7A4EF27D82E9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3AB2B7C-6539-4425-AF65-ED697E5B870A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2395425711ca => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {CBF7A2CB-005A-47D7-9673-D8E13AB4515A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CDC2AB77-412A-44C9-9934-3B7F3CE9B273} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d24e41137fa61c => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-04] (Dropbox, Inc.)
Task: {DB43E39A-2B74-4E73-9DB0-A9DAF0700141} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E09469F7-2445-4EB2-A214-2C160EB57A76} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d24e4112aa0d1e => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-04] (Dropbox, Inc.)
Task: {E0D62EF0-0796-4D0F-8192-141CF2EDFDCD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E6B20F2A-B2D8-4E9B-B3D1-0BDC568CB6AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E8737731-5173-4D77-8202-2683497C7724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\system32\gatherWirelessInfo.vbs
Task: {F0268BDF-3911-4196-9D4F-E864FEBCD24C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F308ACFE-22E8-4EFB-A299-072270A4DB59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {F6B6CF55-FC3E-4783-8930-EEB410DFE153} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7110351-8DE2-4153-9420-0BED6DEA87C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7159B2E-FB79-4F0A-BDAF-CF60832A2FE6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F989708B-D73D-4BA9-AC9B-D36449D63F93} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA9C59DC-9D4C-4916-87E4-9192558CC846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core1d24e4112aa0d1e.job => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA1d24e41137fa61c.job => C:\Users\Daniel_2\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core1d2395425711ca.job => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA1d2395428366d1.job => C:\Users\Cheryl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001Core.job => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1001UA.job => C:\Users\Daniel_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002Core.job => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459875843-3859104557-3610610433-1002UA.job => C:\Users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-15 19:26 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 12:38 - 2017-06-03 03:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-02 05:01 - 2016-10-02 05:01 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:00 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:01 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:01 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:01 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 12:38 - 2017-06-03 01:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 12:38 - 2017-06-03 01:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 12:38 - 2017-06-03 01:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2011-02-21 16:06 - 2008-05-30 10:50 - 00581120 _____ () C:\WINDOWS\MHotkey.exe
2017-06-16 09:49 - 2017-06-16 09:49 - 00959168 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2017-06-16 09:48 - 2017-06-16 09:48 - 00679624 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Daniel_2\Desktop\vr4qph.jpg:com.dropbox.attributes [322]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:34 - 2017-06-16 17:32 - 00000857 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
::1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1459875843-3859104557-3610610433-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Local\Microsoft\Windows\Themes\img6.jpg
HKU\S-1-5-21-1459875843-3859104557-3610610433-1001\Control Panel\Desktop\\Wallpaper -> c:\users\daniel_2\appdata\local\microsoft\windows\themes\img1.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{802E1D9D-6DC8-4A5F-A996-5CD679BED14F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{244529DB-60CB-4042-8C8E-DE606F7FC383}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0316495F-2E52-49DA-89D2-BE2D96A9134F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9ECFF359-583C-48AC-A921-6E071F106DDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{E179896F-D3B7-4CCD-8359-65BD2A3CA3D9}C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{4C7FEB1A-C735-4BFD-82EB-94C91128CE95}C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cheryl\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{B3AE1F0F-A840-4C44-9342-59313776958C}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4ED76042-82F9-4B66-817C-70BC1A3382ED}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1C0CAB25-5559-4DBF-B777-7C91A55350C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3340EBA9-241B-4223-AAB8-F555C2192552}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C5497E31-CF10-4CEF-8433-72788D90576A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4C982D6E-92D4-4D02-81F5-D7CD9198C38B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A8A4BA28-7BF6-4E33-8B7D-51E2623DD129}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{6E729FE0-7608-4549-BF26-A7F2E99DA6B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EB2C4D7E-143B-4C05-8837-6B46C8A5C01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{74A5ECFB-433B-420B-B3A8-981A054CB117}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{FB9D6429-77E3-4AD8-9C81-D9C3F88AD5FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E5EC9155-F8E3-4E79-9F99-7E7A469425D6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{3A0EE91C-427A-4D73-A66C-BE8618C3E2F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{DD4AC37F-75DE-4C7A-95FA-72B904592BED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{C76B3975-F8D2-4BE3-AFAE-086A7E1DAEC3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{2FA49990-4014-4DEE-B329-A60FE05C4638}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{0C400A04-DFC5-466E-A9A5-AA2BE721C2B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4549F95D-D73C-4FB5-AEF8-BB200493F7CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DADDFAC8-9E23-4E11-81C7-B05C7B5BC704}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{44177B5E-80AA-49EF-B4E6-CC939DA8E3FE}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C486FE1E-F66C-464C-AC78-8677EE3F8E6D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{3D367012-E0D6-463E-B466-5847A2A0E1A0}] => (Allow) C:\Users\Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9DF61F9C-01EB-41D8-BE13-66DABCAC6EE9}] => (Allow) C:\Users\Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AEA13169-B8C0-411A-89AA-30F78C73DD0A}] => (Allow) C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DD4CC8A9-7CB3-4B19-B660-0BF0D932B848}] => (Allow) C:\Users\Daniel_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FAA5A98F-94C3-43A8-AA23-4163228E8A74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{785EB0A1-88BA-4412-94B1-12FB6EAAED0E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7D7BACBB-CB42-443A-A88A-3B004543F426}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{320A9B4F-4203-422B-B569-69E4AEEA67D3}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{ED55D0B2-94A3-459A-BB00-A9923420161C}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
 
==================== Restore Points =========================
 
30-05-2017 14:50:48 Windows Update
06-06-2017 18:13:11 Scheduled Checkpoint
12-06-2017 11:06:17 Windows Update
15-06-2017 16:05:48 Windows Update
16-06-2017 17:22:56 Removed HTC BMP USB Driver.
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 60%
Total physical RAM: 4061.17 MB
Available physical RAM: 1619.84 MB
Total Virtual: 8157.17 MB
Available Virtual: 4865.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:595.73 GB) (Free:509 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 68AC7C90)
Partition 1: (Active) - (Size=595.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
 
 
 
Thank you, I look forward to your findings.
 
 
 
 
 
 
Javamonkey
 

 


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,624 posts
  • MVP

Could you explain:

 

I am still getting weird activity on my network like the linkLinuxclient,Full Ford and Samsung-TV popping up.

 

 

How are you seeing these?  What router are you using?  Does it have WiFi?  Does the WiFi require a password to connect?

 

Let's run Rogue Killer
 
Portable 32 bits
Portable 64 bits <==Use this one
 
Download and Save.
 
 
 
Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin
 
Start Scan
Start Scan
 
Will take about 20 minutes to complete.
 
Open Report
Export TXT (save it to your desktop as rk) Save
 
Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.
 
Open rk.txt and copy and paste it to your next Reply. 

  • 0

#8
Javamonkey

Javamonkey

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
I am seeing them pop up in File Explorer under network. I notice every time I log on or run a report one or three of these mentioned devices or users will pop up within the network. I have a Motorola Surfboard modem which is shut down and a Cisco E1000 wifi router. I reset the router using the disc and it generated a new network name and password.

I have nothing connected to the network yet and I see the network from my phone. Anyway, I will try and get this report back to you today if not Tuesday. I have been going to the library to post to you and download. I am too paranoid to turn on the internet yet unless you think it is ok. I just don't want to compromise my Geeks to Go account since this is my only communication.



Talk to you later,


Javamonkey
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,624 posts
  • MVP

I think you can use the Internet.

 

If you open an elevated Command Prompt (admin)

 

then type:

arp -a

hit Enter.

 

You will get something like:

 

 
Interface: 192.168.1.110 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.254         60-03-47-15-1f-fc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
 
Only the dynamic entries are valid.  The one dynamic entry in my list is the router.  What do you see?

  • 0
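
The reading of the `arp -a` table described in the post above, as an added example that is not part of the original thread: it parses the output, sets aside the static broadcast and multicast rows, and labels each dynamic host against a device inventory. The inventory `KNOWN_DEVICES`, the extra row for 192.168.1.123 and all function names are assumptions made for the illustration, and English-language `arp` output is assumed.

```python
import re

# Constructed sample: the `arp -a` output quoted in the post, plus one extra
# dynamic row (192.168.1.123) invented here to stand in for an unknown device.
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.110 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.254         60-03-47-15-1f-fc     dynamic
  192.168.1.123         02-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical inventory of devices the owner recognises (MAC -> label).
KNOWN_DEVICES = {"60-03-47-15-1f-fc": "router"}

IFACE = re.compile(r"^Interface:\s+(\S+)\s+---\s+(\S+)")
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})"
    r"\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return one dict per table row, tagged with the interface it belongs to."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ROW.match(line)
        if m:
            entries.append({"interface": iface, "ip": m.group(1),
                            "mac": m.group(2).lower(), "type": m.group(3).lower()})
    return entries


def classify(mac):
    """Broadcast, multicast (group bit set in the first octet) or a single host."""
    if mac == "ff-ff-ff-ff-ff-ff":
        return "broadcast"
    if int(mac[:2], 16) & 0x01:
        return "multicast"
    return "host"


def review(text, known):
    """List dynamic host entries; MACs missing from the inventory are UNKNOWN."""
    report = []
    for e in parse_arp(text):
        if e["type"] != "dynamic" or classify(e["mac"]) != "host":
            continue  # static rows are built-in broadcast/multicast mappings
        report.append({
            "ip": e["ip"],
            "mac": e["mac"],
            "label": known.get(e["mac"], "UNKNOWN"),
            # Locally administered MACs are often randomised by phones and
            # tablets, so an UNKNOWN one may still be a household device.
            "locally_administered": bool(int(e["mac"][:2], 16) & 0x02),
        })
    return report


if __name__ == "__main__":
    for row in review(SAMPLE_ARP_OUTPUT, KNOWN_DEVICES):
        print(row["ip"], row["mac"], row["label"])
```

An UNKNOWN row is a prompt to compare the MAC with the client list on the router's own admin page, not proof of an intruder.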


#11
Javamonkey

Javamonkey

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts

Here is the RK report. I will post the dynamic address later.

 

 

RogueKiller V12.11.2.0 (x64) [Jun 12 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Daniel [Administrator]
Started from : C:\Users\Daniel\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 06/17/2017 15:06:16 (Duration : 00:37:32)
 
¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] ChiFuncExt.exe(11456) -- C:\Windows\ChiFuncExt.exe[-] -> Found
[Suspicious.Path] CNYHKey.exe(8572) -- C:\Windows\CNYHKey.exe[-] -> Found
[Suspicious.Path] ModLEDKey.exe(208) -- C:\Windows\ModLedKey.exe[-] -> Found
 
¤¤¤ Registry : 12 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Myfree Codec -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\jZip -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\Myfree Codec -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\YahooPartnerToolbar -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\jZip -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\Myfree Codec -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\YahooPartnerToolbar -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | LchDrvKey : LchDrvKey.exe [-] -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | LedKey : CNYHKey.exe [-] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Daniel\AppData\Roaming\Yahoo!\Companion -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721064SLA360 +++++
--- User ---
[MBR] ac575a5987c0f06b3a0d742d72b6ad5e
[BSP] 3bfe257a20a54a5057a2529bde4ed202 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610028 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1249339392 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Multiple Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
 
 
Thanks,
 
Java 

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,624 posts
  • MVP
You can let RK remove these:
 
¤¤¤ Registry : 12 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Myfree Codec -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\jZip -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\Myfree Codec -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\YahooPartnerToolbar -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\jZip -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\Myfree Codec -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\YahooPartnerToolbar -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459875843-3859104557-3610610433-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
 
¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Daniel\AppData\Roaming\Yahoo!\Companion -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec -> Found
 

  • 0

#13
Javamonkey

Javamonkey

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
OK, I removed the files. I also ran another report; let me know if you want me to post it.
  • 0






