Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected computer


  • This topic is locked This topic is locked

#1
Nayung116

Nayung116

    Member

  • Member
  • PipPip
  • 18 posts

Hello, i think that my computer has a virus.  My computer seems to be running slowly and weird tabs keep popping up.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Kids (administrator) on MISTERMAGIC (30-06-2017 19:13:28)
Running from C:\Users\Kids\Contacts\Desktop
Loaded Profiles: Kids (Available Profiles: Kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
(SRecorder Company) C:\Program Files (x86)\SRecorder\SRecorder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc.) C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\jmesoft\Service.exe
(© 2015 Microsoft Corporation) C:\Users\Kids\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Twitch Interactive, Inc.) C:\Users\Kids\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [918008 2017-06-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: *.divx.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <==== ATTENTION
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Medialink Utilty] => C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Google Update] => C:\Users\Kids\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [SRecorder] => C:\Program Files (x86)\SRecorder\SRecorder.exe [444616 2014-08-06] (SRecorder Company)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-07] (Valve Corporation)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Dropbox Update] => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-16] (Dropbox, Inc.)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [BingSvc] => C:\Users\Kids\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-03-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (No File)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-03-27] ()
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-15]
ShortcutTarget: Twitch.lnk -> C:\Users\Kids\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51531;https=127.0.0.1:51531
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E0A66E06-343B-4876-8458-EAFC05969EE4}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default [2017-06-30]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\zalxh0au.default -> Bing 
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\zalxh0au.default -> 
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\zalxh0au.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\zalxh0au.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\zalxh0au.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
hxxp://finance.yahoo.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\zalxh0au.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (Avira Browser Safety) - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected] [2017-06-06]
FF Extension: (Bing Search) - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\[email protected] [2016-09-25]
FF Extension: (Bitdefender QuickScan) - C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-25]
FF SearchPlugin: C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\zalxh0au.default\searchplugins\bing-.xml [2016-09-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kids\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: @talk.google.com/O1DPlugin -> C:\Users\Kids\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kids\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kids\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1945432696-1015937987-3417527920-1002: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Kids\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kids\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default [2017-06-30]
CHR Extension: (From Dust) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-07-08]
CHR Extension: (Google Docs) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-21]
CHR Extension: (Google Drive) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-17]
CHR Extension: (YouTube) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-21]
CHR Extension: (Adblock Plus) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-15]
CHR Extension: (Bing) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-26]
CHR Extension: (Google Sheets) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-21]
CHR Extension: (Google Docs Offline) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-17]
CHR Extension: (AdBlock) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-30]
CHR Extension: (Jojo`s Fashion Show) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbbhahgmlncagolcocmpaghklceonac [2014-09-19]
CHR Extension: (SoundCloud) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2016-08-17]
CHR Extension: (Little Alchemy) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-08-17]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-30]
CHR HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-08-18] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-06-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1524216 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [182304 2015-02-01] (EasyAntiCheat Ltd)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [675272 2017-05-23] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdefix; C:\windows\System32\DRIVERS\amdefix.sys [18456 2015-07-17] (Advanced Micro Devices)
R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [149976 2017-06-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-23] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2017-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-30 19:11 - 2017-06-30 19:11 - 02440704 _____ (Farbar) C:\Users\Kids\Downloads\FRST64.exe
2017-06-29 21:48 - 2017-06-29 21:48 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-26 14:37 - 2017-06-26 14:37 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-24 13:10 - 2017-06-24 13:11 - 04734784 _____ () C:\Users\Kids\Downloads\TechnicLauncher (3).exe
2017-06-24 13:03 - 2017-06-24 13:03 - 04734784 _____ () C:\Users\Kids\Downloads\TechnicLauncher (2).exe
2017-06-18 12:40 - 2017-06-18 12:40 - 00064504 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avdevprot.sys
2017-06-15 20:51 - 2017-06-15 20:51 - 00039806 _____ C:\Users\Kids\Downloads\Neon Genisis sheet music.pdf
2017-06-15 20:35 - 2017-06-15 20:36 - 02254921 _____ C:\Users\Kids\Downloads\Page 182.m4a
2017-06-13 19:34 - 2017-06-02 01:28 - 02317824 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-06-13 19:34 - 2017-06-02 01:28 - 02222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-06-13 19:34 - 2017-06-02 01:28 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-06-13 19:34 - 2017-06-02 01:28 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-06-13 19:34 - 2017-06-02 01:28 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-06-13 19:34 - 2017-06-02 01:11 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-06-13 19:34 - 2017-06-02 01:11 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-06-13 19:34 - 2017-06-02 01:10 - 00733696 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-06-13 19:34 - 2017-06-02 01:09 - 01549824 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-06-13 19:34 - 2017-06-02 01:09 - 01400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-06-13 19:34 - 2017-05-16 11:19 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-06-13 19:34 - 2017-05-16 10:35 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-06-13 19:34 - 2017-05-14 13:19 - 25738752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-06-13 19:34 - 2017-05-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-06-13 19:34 - 2017-05-14 13:01 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-06-13 19:34 - 2017-05-14 12:55 - 05975040 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-06-13 19:34 - 2017-05-14 12:11 - 20274688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-06-13 19:34 - 2017-05-14 11:54 - 15252992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-06-13 19:34 - 2017-05-14 11:52 - 03240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-06-13 19:34 - 2017-05-14 11:44 - 04549120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-06-13 19:34 - 2017-05-14 11:38 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-06-13 19:34 - 2017-05-14 11:30 - 13664768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-06-13 19:34 - 2017-05-14 11:15 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-06-13 19:34 - 2017-05-12 11:27 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-06-13 19:34 - 2017-05-12 11:26 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-06-13 19:34 - 2017-05-12 11:26 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2017-06-13 19:34 - 2017-05-12 11:24 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-06-13 19:34 - 2017-05-12 11:22 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2017-06-13 19:34 - 2017-05-12 11:22 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-06-13 19:34 - 2017-05-12 11:07 - 04001000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-06-13 19:34 - 2017-05-12 11:07 - 03945704 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-06-13 19:34 - 2017-05-12 11:07 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2017-06-13 19:34 - 2017-05-12 11:04 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-06-13 19:34 - 2017-05-12 11:03 - 00629760 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2017-06-13 19:34 - 2017-05-12 11:03 - 00313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-06-13 19:34 - 2017-05-12 10:52 - 03222528 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-06-13 19:34 - 2017-05-10 08:33 - 00091368 _____ (Microsoft Corporation) C:\windows\system32\MigAutoPlay.exe
2017-06-13 19:34 - 2017-05-10 08:29 - 14183936 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-06-13 19:34 - 2017-05-10 08:29 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-06-13 19:34 - 2017-05-10 08:16 - 00091368 _____ (Microsoft Corporation) C:\windows\SysWOW64\MigAutoPlay.exe
2017-06-13 19:34 - 2017-05-10 08:14 - 02651136 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-06-13 19:34 - 2017-05-10 08:12 - 12880896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-06-13 19:34 - 2017-05-10 07:52 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2017-06-13 19:34 - 2017-05-09 08:30 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-06-13 19:34 - 2017-05-09 08:29 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2017-06-13 19:34 - 2017-05-09 08:11 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2017-06-13 19:34 - 2017-05-07 08:33 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2017-06-13 19:34 - 2017-04-27 15:50 - 03550208 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2017-06-13 19:34 - 2017-04-12 06:05 - 04296704 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2017-06-13 19:33 - 2017-06-02 01:28 - 00115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-06-13 19:33 - 2017-06-02 01:28 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-06-13 19:33 - 2017-06-02 01:28 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-06-13 19:33 - 2017-06-02 01:28 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-06-13 19:33 - 2017-06-02 01:10 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-06-13 19:33 - 2017-06-02 01:09 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2017-06-13 19:33 - 2017-06-02 01:09 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2017-06-13 19:33 - 2017-06-02 00:58 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-06-13 19:33 - 2017-06-02 00:58 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-06-13 19:33 - 2017-06-02 00:57 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2017-06-13 19:33 - 2017-06-02 00:57 - 00009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2017-06-13 19:33 - 2017-05-20 21:28 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-06-13 19:33 - 2017-05-20 21:28 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-06-13 19:33 - 2017-05-20 21:24 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-06-13 19:33 - 2017-05-20 21:24 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-06-13 19:33 - 2017-05-20 21:06 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-06-13 19:33 - 2017-05-20 20:55 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-06-13 19:33 - 2017-05-20 20:48 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-06-13 19:33 - 2017-05-20 20:48 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-06-13 19:33 - 2017-05-20 20:48 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-06-13 19:33 - 2017-05-20 20:47 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-06-13 19:33 - 2017-05-20 20:46 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-06-13 19:33 - 2017-05-20 20:42 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-06-13 19:33 - 2017-05-14 13:46 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-06-13 19:33 - 2017-05-14 13:46 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-06-13 19:33 - 2017-05-14 13:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-06-13 19:33 - 2017-05-14 13:27 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-06-13 19:33 - 2017-05-14 13:27 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-06-13 19:33 - 2017-05-14 13:27 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-06-13 19:33 - 2017-05-14 13:26 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-06-13 19:33 - 2017-05-14 13:24 - 02899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-06-13 19:33 - 2017-05-14 13:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-06-13 19:33 - 2017-05-14 13:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-06-13 19:33 - 2017-05-14 13:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-06-13 19:33 - 2017-05-14 13:10 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-06-13 19:33 - 2017-05-14 13:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-06-13 19:33 - 2017-05-14 13:10 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-06-13 19:33 - 2017-05-14 12:57 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-06-13 19:33 - 2017-05-14 12:48 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-06-13 19:33 - 2017-05-14 12:47 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-06-13 19:33 - 2017-05-14 12:46 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-06-13 19:33 - 2017-05-14 12:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-06-13 19:33 - 2017-05-14 12:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-06-13 19:33 - 2017-05-14 12:38 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-06-13 19:33 - 2017-05-14 12:37 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-06-13 19:33 - 2017-05-14 12:36 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-06-13 19:33 - 2017-05-14 12:23 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-06-13 19:33 - 2017-05-14 12:23 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-06-13 19:33 - 2017-05-14 12:22 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-06-13 19:33 - 2017-05-14 12:22 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-06-13 19:33 - 2017-05-14 12:22 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-06-13 19:33 - 2017-05-14 12:21 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-06-13 19:33 - 2017-05-14 12:20 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-06-13 19:33 - 2017-05-14 12:19 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-06-13 19:33 - 2017-05-14 12:18 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-06-13 19:33 - 2017-05-14 12:17 - 02132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-06-13 19:33 - 2017-05-14 12:16 - 02290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-06-13 19:33 - 2017-05-14 12:15 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-06-13 19:33 - 2017-05-14 12:14 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-06-13 19:33 - 2017-05-14 12:12 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-06-13 19:33 - 2017-05-14 12:11 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-06-13 19:33 - 2017-05-14 12:10 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-06-13 19:33 - 2017-05-14 12:10 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-06-13 19:33 - 2017-05-14 12:02 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-06-13 19:33 - 2017-05-14 11:57 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-06-13 19:33 - 2017-05-14 11:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-13 19:33 - 2017-05-14 11:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-06-13 19:33 - 2017-05-14 11:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-06-13 19:33 - 2017-05-14 11:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-06-13 19:33 - 2017-05-14 11:50 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-06-13 19:33 - 2017-05-14 11:49 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-06-13 19:33 - 2017-05-14 11:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-06-13 19:33 - 2017-05-14 11:40 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-06-13 19:33 - 2017-05-14 11:39 - 02057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-06-13 19:33 - 2017-05-14 11:37 - 01544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-06-13 19:33 - 2017-05-14 11:27 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-06-13 19:33 - 2017-05-14 11:11 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-06-13 19:33 - 2017-05-14 11:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-06-13 19:33 - 2017-05-12 11:26 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-06-13 19:33 - 2017-05-12 11:22 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 10:55 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-06-13 19:33 - 2017-05-12 10:54 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-06-13 19:33 - 2017-05-12 10:54 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-06-13 19:33 - 2017-05-12 10:51 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-06-13 19:33 - 2017-05-12 10:50 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-06-13 19:33 - 2017-05-12 10:46 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-06-13 19:33 - 2017-05-12 10:43 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2017-06-13 19:33 - 2017-05-12 10:41 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-06-13 19:33 - 2017-05-12 10:41 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-06-13 19:33 - 2017-05-12 10:41 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-06-13 19:33 - 2017-05-12 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-06-13 19:33 - 2017-05-12 10:40 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 10:40 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 10:40 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 10:40 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:33 - 2017-05-12 09:25 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-06-13 19:33 - 2017-05-12 08:58 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-06-13 19:33 - 2017-05-12 08:58 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-06-13 19:33 - 2017-05-10 08:29 - 03165184 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2017-06-13 19:33 - 2017-05-10 08:29 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2017-06-13 19:33 - 2017-05-10 08:29 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2017-06-13 19:33 - 2017-05-10 08:28 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2017-06-13 19:33 - 2017-05-10 08:13 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2017-06-13 19:33 - 2017-05-10 08:13 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2017-06-13 19:33 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2017-06-13 19:33 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2017-06-13 19:33 - 2017-05-10 08:13 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2017-06-13 19:33 - 2017-05-10 08:13 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2017-06-13 19:33 - 2017-05-10 08:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-06-13 19:33 - 2017-05-10 08:12 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2017-06-13 19:33 - 2017-05-10 08:00 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2017-06-13 19:33 - 2017-05-10 08:00 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2017-06-13 19:33 - 2017-05-10 08:00 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2017-06-13 19:33 - 2017-05-10 08:00 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2017-06-13 19:33 - 2017-05-07 08:29 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2017-06-13 19:33 - 2017-03-30 08:03 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\rundll32.exe
2017-06-13 19:33 - 2017-03-30 07:58 - 00045056 _____ (Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
2017-06-11 20:12 - 2017-06-11 20:12 - 00398666 _____ C:\Users\Kids\Downloads\videoplayback.mp4
2017-06-11 20:12 - 2017-06-11 20:12 - 00398666 _____ C:\Users\Kids\Downloads\videoplayback (2).mp4
2017-06-11 20:12 - 2017-06-11 20:12 - 00398666 _____ C:\Users\Kids\Downloads\videoplayback (1).mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-30 19:13 - 2014-03-30 08:35 - 00000000 ____D C:\FRST
2017-06-30 19:12 - 2016-09-25 20:09 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Skype
2017-06-30 19:10 - 2013-03-24 20:12 - 00000000 ____D C:\Users\Kids\AppData\Local\Adobe
2017-06-30 19:10 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-30 19:10 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-30 19:09 - 2016-11-18 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-30 19:09 - 2016-08-16 17:47 - 00000914 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002UA.job
2017-06-30 19:06 - 2016-09-25 20:08 - 00000000 ____D C:\ProgramData\Skype
2017-06-30 19:05 - 2017-04-15 14:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-30 19:02 - 2016-11-26 08:17 - 00000000 ____D C:\Users\Kids\AppData\LocalLow\Mozilla
2017-06-30 19:02 - 2012-10-14 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-30 19:00 - 2014-07-02 23:12 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-30 18:57 - 2015-03-27 19:12 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Curse Client
2017-06-30 18:55 - 2015-02-28 11:59 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-30 18:54 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-06-30 18:49 - 2016-08-16 17:47 - 00000862 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002Core.job
2017-06-29 21:53 - 2014-09-18 07:32 - 00000000 ____D C:\Users\Kids\AppData\Local\CrashDumps
2017-06-29 21:48 - 2014-07-02 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-29 21:48 - 2014-07-02 23:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-06-28 13:19 - 2012-04-24 12:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 14:37 - 2012-11-26 10:03 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Dropbox
2017-06-24 15:17 - 2014-08-13 00:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-24 15:17 - 2013-01-25 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-24 13:15 - 2015-01-31 08:59 - 00000000 ____D C:\Users\Kids\AppData\Roaming\.technic
2017-06-24 13:01 - 2012-10-14 13:12 - 00000000 ____D C:\Users\Kids\AppData\Roaming\.minecraft
2017-06-19 20:13 - 2016-09-13 07:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-18 12:40 - 2016-10-05 06:18 - 00034128 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avusbflt.sys
2017-06-18 12:40 - 2013-03-29 16:41 - 00185032 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2017-06-18 12:40 - 2013-03-29 16:41 - 00149976 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2017-06-17 13:04 - 2009-07-13 22:13 - 00782010 _____ C:\windows\system32\PerfStringBackup.INI
2017-06-17 13:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2017-06-17 08:41 - 2012-10-14 13:00 - 00803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-06-17 08:41 - 2012-10-14 13:00 - 00144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 08:41 - 2012-10-14 13:00 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-06-17 08:40 - 2012-10-14 13:00 - 00000000 ____D C:\windows\system32\Macromed
2017-06-17 08:40 - 2012-04-24 12:26 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-06-15 15:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2017-06-14 03:38 - 2013-03-12 21:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 03:38 - 2013-03-12 21:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 03:38 - 2009-07-13 21:45 - 00412424 _____ C:\windows\system32\FNTCACHE.DAT
2017-06-14 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\migwiz
2017-06-14 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\migwiz
2017-06-14 03:16 - 2013-03-12 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 19:10 - 2016-08-16 17:47 - 00000000 ____D C:\Users\Kids\AppData\Local\Dropbox
 
==================== Files in the root of some directories =======
 
2014-08-29 16:59 - 2014-09-07 10:23 - 0000660 _____ () C:\Users\Kids\AppData\Roaming\LiveSupport.exe_log.txt
2014-08-29 16:59 - 2014-08-29 16:59 - 0000092 _____ () C:\Users\Kids\AppData\Roaming\regsvr32.exe_log.txt
2014-02-04 21:16 - 2014-11-21 21:36 - 0021504 _____ () C:\Users\Kids\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 09:17 - 2014-02-09 10:17 - 0000824 _____ () C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_prof
2014-01-29 09:17 - 2014-02-02 14:25 - 0000828 _____ () C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_sta
2014-01-29 09:21 - 2014-02-09 10:16 - 0001001 _____ () C:\Users\Kids\AppData\Local\RT2870_{C55B70B6-81CD-4D1C-B948-3EE882D310EA}_wsc
 
Some files in TEMP:
====================
2014-02-02 11:48 - 2014-08-13 00:01 - 0000000 ____D () C:\Users\Kids\AppData\Local\Temp\avgnt.exe
2013-08-04 23:15 - 2013-08-04 23:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\Kids\AppData\Local\Temp\bdfilters.dll
2016-09-25 20:27 - 2016-09-25 20:27 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\BSvcProcessor.exe
2016-09-25 20:27 - 2016-09-25 20:27 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\BSvcUpdater.exe
2016-08-16 17:43 - 2016-08-16 17:43 - 0043008 _____ () C:\Users\Kids\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpht4ncu.dll
2014-05-14 03:22 - 2014-05-14 03:22 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\e6oxqekg.dll
2014-05-03 09:02 - 2009-07-13 18:15 - 0462848 _____ (Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\FirewallAPI.dll
2016-09-06 20:03 - 2016-09-06 20:03 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\GUR7475.exe
2016-09-06 20:03 - 2016-09-06 20:03 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\GURA3FD.exe
2016-10-19 15:24 - 2016-10-19 15:24 - 0737856 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-18 16:46 - 2017-01-18 16:46 - 0739904 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-19 20:49 - 2017-04-19 20:49 - 0739904 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u131-windows-au.exe
2015-03-04 15:28 - 2015-03-04 15:28 - 0561576 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u40-windows-au.exe
2014-11-21 04:17 - 2014-11-21 04:17 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\ncjewmqd.dll
2014-10-03 17:54 - 2014-10-03 17:54 - 0465408 _____ () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-1.3.2.525-native.32.dll
2014-09-01 16:21 - 2014-09-01 16:21 - 0465408 ____N () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-1.3.3.54-native.32.dll
2014-09-21 16:57 - 2014-11-02 18:53 - 0465408 ____N () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-native.32.dll
2014-03-02 13:39 - 2014-03-13 15:13 - 0918016 _____ () C:\Users\Kids\AppData\Local\Temp\Quarantine.exe
2014-02-05 04:05 - 2014-02-05 04:05 - 0009216 _____ () C:\Users\Kids\AppData\Local\Temp\SendMsg.dll
2014-04-27 14:16 - 2014-04-27 14:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll
2014-04-30 11:52 - 2014-04-30 11:52 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite20810.dll
2014-04-27 14:46 - 2014-04-27 14:46 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite24026.dll
2014-04-29 19:45 - 2014-04-29 19:45 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite28196.dll
2014-04-27 20:16 - 2014-04-27 20:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite30136.dll
2014-05-01 18:07 - 2014-05-01 18:07 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite58916.dll
2014-04-28 16:14 - 2014-04-28 16:14 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite63873.dll
2014-04-30 12:02 - 2014-04-30 12:02 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite70396.dll
2014-05-01 22:38 - 2014-05-01 22:38 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite98985.dll
2014-04-30 17:57 - 2014-04-30 17:57 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite99965.dll
2017-04-15 13:58 - 2017-04-15 13:58 - 14456872 _____ (Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-24 16:24
 
==================== End of FRST.txt ============================

 

 

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Kids (30-06-2017 19:16:52)
Running from C:\Users\Kids\Contacts\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-14 18:09:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1945432696-1015937987-3417527920-500 - Administrator - Disabled)
Guest (S-1-5-21-1945432696-1015937987-3417527920-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1945432696-1015937987-3417527920-1004 - Limited - Enabled)
Kids (S-1-5-21-1945432696-1015937987-3417527920-1002 - Administrator - Enabled) => C:\Users\Kids
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apowersoft Online Launcher version 1.4.5 (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.5 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{271D5399-34AF-4611-BCD9-B09185B2BBE0}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.2.2.1111 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 2.5.0.263 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
Dropbox (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0978 - Ezvid, inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.3426 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.5317 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
PC Tech Hotline (HKLM-x32\...\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1) (Version: 3.0.0.4 - Crawler, LLC) <==== ATTENTION
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.6.8.66 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Robocraft version 0.3.290 (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
SRecorder (HKLM-x32\...\SRecorder_is1) (Version: 2.0.0.0 - SRecorder Company)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Techne - 1  (HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\...\244a1e8693fd9c7e) (Version: 1.3.0.15 - ZeuX and r4wk)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.22-5 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Driver Package - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A928C5C-315B-49E5-AAA9-307A541ACF90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {2CF063DF-68C5-4F5E-9F23-742A29EB3BC6} - System32\Tasks\AdobeAAMUpdater-1.0-MisterMagic-Kids => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {62FD249F-EAA2-46DC-A1A7-0F9779FDEFFF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002UA => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-08-16] (Dropbox, Inc.)
Task: {63590C8E-D0BE-4E98-922D-709118EEE9EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {798B20EA-3592-4F58-AF62-4B3E78D5D326} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002Core => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {7BB8C16D-576B-43D4-975B-A925A5A1A8EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {989254BA-49C8-4349-9512-94F7BF64FD5B} - System32\Tasks\Information-firefoxinstaller => C:\Program Files (x86)\Information\Information-firefoxinstaller.exe <==== ATTENTION
Task: {99567155-FDAD-44B5-9066-7D7FF9FFBE3F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {C9D71317-FA0F-4856-B676-BC8399A62A3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {CD08F7F7-CD34-43F3-B9D5-CEC5BEA2703A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002UA => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {D2DBA4BF-2D5B-4DA5-ADDA-AF1C54146154} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002Core => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-08-16] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002Core.job => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1945432696-1015937987-3417527920-1002UA.job => C:\Users\Kids\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Kids\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2014-01-29 09:00 - 2009-08-21 16:44 - 02281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-04-24 11:31 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2012-04-24 11:31 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2011-08-18 16:44 - 2011-08-18 16:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-08-18 17:03 - 2011-08-18 17:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-09-24 16:20 - 2016-09-24 16:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-06-28 13:19 - 2017-06-22 20:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 13:19 - 2017-06-22 20:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-10-21 13:38 - 2017-05-23 10:04 - 01658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-01-29 09:00 - 2007-12-06 11:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
2014-01-29 09:00 - 2009-04-06 16:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
2014-01-29 09:00 - 2009-01-05 21:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
2014-01-29 09:00 - 2009-04-06 16:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
2014-08-29 16:59 - 2012-01-24 01:41 - 13675008 _____ () C:\Program Files (x86)\SRecorder\avcodec-53.dll
2014-08-29 16:59 - 2012-01-24 01:41 - 00139776 _____ () C:\Program Files (x86)\SRecorder\avutil-51.dll
2014-08-29 16:59 - 2012-01-24 01:41 - 02516992 _____ () C:\Program Files (x86)\SRecorder\avformat-53.dll
2014-08-29 16:59 - 2012-01-24 01:41 - 00302080 _____ () C:\Program Files (x86)\SRecorder\swscale-2.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2012-04-24 11:31 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2017-06-26 14:37 - 2017-06-26 03:27 - 00801600 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-06-26 14:37 - 2017-06-26 03:27 - 01787200 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-06-13 19:14 - 2017-06-26 03:26 - 00100296 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00018888 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\select.pyd
2017-06-13 19:14 - 2017-06-26 03:29 - 00019776 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00035792 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-06-26 14:37 - 2017-06-26 03:28 - 00020824 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00123856 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00694224 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 01729360 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00020816 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-06-26 14:37 - 2017-06-26 03:26 - 00145864 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-06-26 14:37 - 2017-06-26 03:26 - 00019408 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-06-26 14:37 - 2017-06-26 03:27 - 00116688 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-06-13 19:14 - 2017-06-26 03:26 - 00105928 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00022864 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00060736 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00038712 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00024528 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-06-26 14:37 - 2017-06-26 03:27 - 00392656 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-06-26 14:37 - 2017-06-26 03:26 - 00020936 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00116176 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-06-13 19:14 - 2017-06-26 03:29 - 00392512 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00124880 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00026456 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00024016 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00175560 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00030160 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00043472 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00048592 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00057808 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00024016 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-06-26 14:37 - 2017-06-26 03:28 - 00022336 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00082264 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00025432 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-26 14:37 - 2017-06-26 03:28 - 00246608 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00027488 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 03928896 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00083912 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\sip.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 01826104 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 01972024 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00028616 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00171336 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00042816 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00531264 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00133432 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00224064 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00207680 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00060880 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00054608 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00022864 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00022872 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00021848 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00022872 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-13 19:14 - 2017-06-26 03:26 - 00349128 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-06-13 19:14 - 2017-06-26 03:30 - 00023896 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00025936 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-06-26 14:37 - 2017-06-26 03:27 - 00036296 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\librsync.dll
2017-06-26 14:37 - 2017-06-26 03:29 - 00084288 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-06-13 19:14 - 2017-06-26 03:30 - 00030536 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-06-26 14:37 - 2017-06-26 03:27 - 00017864 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-06-26 14:37 - 2017-06-26 03:27 - 01631184 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-06-13 19:14 - 2017-06-26 03:30 - 00026456 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-13 19:14 - 2017-06-26 03:29 - 00023368 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00546104 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-06-26 14:37 - 2017-06-26 03:29 - 00357688 _____ () C:\Users\Kids\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-03-14 08:31 - 2017-03-14 08:31 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-11-24 09:37 - 2016-08-19 17:12 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 00110680 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-10 10:28 - 2017-04-15 13:54 - 01950528 _____ () C:\Users\Kids\AppData\Roaming\Curse Client\Bin\Electron\ffmpeg.dll
2017-05-31 11:41 - 2017-05-31 11:41 - 01982976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6CB7C06C-290A-40F1-A525-80671B9CA186}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{98CB6D8B-DB8C-446C-BD88-9988BA827108}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{687D948C-796C-4C7D-947C-DF353AA218D6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8ABC2225-1B51-404A-B3BB-4EECE5F012B7}] => (Allow) LPort=2869
FirewallRules: [{F0E1E06C-FB8B-4047-B8FC-BCE89F8215C6}] => (Allow) LPort=1900
FirewallRules: [{FF5D4BDC-1F2B-4416-949B-D06F8CD9CF34}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B9E4A9CE-CC95-4982-BAA9-40B43EF2B4E6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F7D7D3D0-4E89-4296-B196-AC53A0641E88}] => (Allow) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ADA73739-86DD-4BE4-AD4A-231D8B43105D}] => (Allow) C:\Users\Kids\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{8BC81107-B50D-4433-8883-33AD11C90073}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{28717F9D-6D81-4E0D-BD53-F8EEAD45C236}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7DDC119A-D4B7-47E2-A7C9-04836F302B60}C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CA8F0D62-A712-443C-8577-058A1E1274B5}C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kids\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{9FC835A9-00B1-4BD6-AC2A-64858E637E90}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3B0F5EE4-59E9-41A7-92E3-DF66D2D5306E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{AC750C32-8880-405A-8E44-7F90EB0BC0BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22703913-D0C0-40BD-88EB-3BBD75C53977}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{878C2951-FA0F-4E8D-95DF-EB76FFF08FDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE07E5DD-74A1-4585-B125-9939875EE309}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17A9B73A-43BF-421F-9ED7-FC908A8200FD}] => (Allow) LPort=8317
FirewallRules: [{111F22BA-DB79-4D59-BDA9-4FB1E7271619}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{401A3AD0-001D-4F1E-9D95-A8980DE88CBC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36DFB148-84B0-424E-892E-4569044333BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6CE2D809-93D1-4244-A807-6150F14A548D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B4C73A1-00ED-42C9-80A3-5B49DB9E468D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2AB81EDB-4953-4060-AAA1-CFBA14056785}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A2174C1D-FE0E-494D-B8A5-27DA355562FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E7FD324D-CC3B-48BD-88E9-9F141906B9D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D7A2F173-BCA0-45FD-992D-FAC8ED556C10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{156C44F4-8E00-42BB-A625-2C19A4A73C3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{C8F9E40E-982A-4A2C-B989-502B4CFECAD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{18EE7B87-F865-460E-9266-7DE1B31164CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BD975D78-5CAA-42EF-8C6D-8651E1F65800}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{A39E8EE1-D95F-4893-B06B-585955084FA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{CC830ED9-67F2-4FA4-8F0A-452E3BB3364A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2224D0D2-4406-4AFB-8F6E-6BA47C81CFDE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{38EEE6D5-0E56-4FCB-B3F0-11733342F0AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0D43595A-5174-4992-9C3E-087A770B201C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59C94222-6054-47CA-B854-1090B96FC83D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F64EC445-7633-415C-97B6-0A33EFE12CF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E1C8079E-B222-47D2-8D97-5724D9BC48E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A6026D7-302C-4480-BF96-B4207BB23E42}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA5FD1CE-E87B-4A79-8E4C-54AA84E5020B}] => (Allow) C:\Users\Kids\Contacts\Desktop\stuff\TechnicLauncher (1).exe
FirewallRules: [{20C61E05-5B1B-4F54-99D0-0A2411B2ED4F}] => (Allow) C:\Users\Kids\Contacts\Desktop\stuff\TechnicLauncher (1).exe
FirewallRules: [{86C43BE7-54A2-403B-B415-7E594E4A01D0}] => (Allow) C:\Users\Kids\Contacts\Desktop\stuff\TechnicLauncher (1).exe
FirewallRules: [{49CFDB60-CAF2-4AD3-A0FB-8DF4DAD1F54C}] => (Allow) C:\Users\Kids\Contacts\Desktop\stuff\TechnicLauncher (1).exe
FirewallRules: [{52FA0B28-E03A-45A6-9C31-9E49AFAA3AC3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-06-2017 06:49:22 Scheduled Checkpoint
29-06-2017 00:00:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/30/2017 06:56:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/30/2017 12:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59047
 
Error: (06/30/2017 12:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59047
 
Error: (06/30/2017 12:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/30/2017 12:02:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49421
 
Error: (06/30/2017 12:02:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49421
 
Error: (06/30/2017 12:02:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/30/2017 12:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39437
 
Error: (06/30/2017 12:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39437
 
Error: (06/30/2017 12:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/30/2017 07:02:50 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E0A66E06-343B-4876-8458-EAFC05969EE4}.
The backup browser is stopping.
 
Error: (06/30/2017 06:57:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/30/2017 06:54:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:53:19 PM on ‎6/‎30/‎2017 was unexpected.
 
Error: (06/30/2017 06:52:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
 
Error: (06/30/2017 06:51:56 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E0A66E06-343B-4876-8458-EAFC05969EE4}.
The backup browser is stopping.
 
Error: (06/30/2017 06:51:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
 
Error: (06/30/2017 06:51:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
 
Error: (06/30/2017 06:50:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
 
Error: (06/30/2017 06:50:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
 
Error: (06/30/2017 06:49:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-3420 APU with Radeon™ HD Graphics
Percentage of memory in use: 66%
Total physical RAM: 5626.02 MB
Available physical RAM: 1869.23 MB
Total Virtual: 11250.2 MB
Available Virtual: 5850.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:440.59 GB) (Free:279.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 82BC915B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)
 
==================== End of Addition.txt ============================

Edited by Nayung116, 30 June 2017 - 08:38 PM.

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Programs to uninstall
PC Tech Hotline


Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
iO5EZayK.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#3
Nayung116

Nayung116

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

I was unable to find the program "Pc Tech Hotline," here is the adwcleaner repot

 

 

# AdwCleaner v6.047 - Logfile created 01/07/2017 at 09:23:50
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Kids - MISTERMAGIC
# Running from : C:\Users\Kids\Contacts\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
[-] Folder deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Kids\AppData\Roaming\LiveSupport.exe_log.txt
[-] File deleted: C:\Users\Kids\AppData\Roaming\regsvr32.exe_log.txt
[-] File deleted: C:\Users\Kids\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a37804e0-4c35-486f-9197-5b486daf6aa6}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Information
[-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Information
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\LiveSupport
[-] Key deleted: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\Optimizer Pro
[-] Key deleted: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\PCTechHotline
[-] Key deleted: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\AVSoftware
[-] Key deleted: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\AppDataLow\Software\Information
[-] Key deleted: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Information
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Information
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Information
[#] Key deleted on reboot: HKCU\Software\LiveSupport
[#] Key deleted on reboot: HKCU\Software\Optimizer Pro
[#] Key deleted on reboot: HKCU\Software\PCTechHotline
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\AVSoftware
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Information
[-] Key deleted: HKLM\SOFTWARE\Information
[-] Key deleted: HKLM\SOFTWARE\PCTechHotline
[-] Key deleted: HKLM\SOFTWARE\VBMZ
[-] Key deleted: HKLM\SOFTWARE\AVSoftware
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1
[#] Key deleted on reboot: [x64] HKCU\Software\LiveSupport
[#] Key deleted on reboot: [x64] HKCU\Software\Optimizer Pro
[#] Key deleted on reboot: [x64] HKCU\Software\PCTechHotline
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\AVSoftware
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Information
[-] Key deleted: [x64] HKLM\SOFTWARE\AVSoftware
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
[-] Firefox preferences cleaned: "extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.internaldb.monetization_plugin_bundledUrls.value" -  "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22urls%22%3A%5B%22i_crdrjs_info%22%2C%22i.crdrjs.info%22%5D%7D%2C%22plushd_v%22%3A%7B%22urls%22%3A%5B%22i_crdrjs_info%22%2C%22i.crdrjs.info%22%5D%7D%2C%2250onred_s%22%3A%7B%22urls%22%3A%5B%22giganticsavings-a.akamaihd.net/loaders/%5BA-Z%2Ca-z%2C0-9%5D+/l.js%22%5D%7D%2C%2250onred_v%22%3A%7B%22urls%22%3A%5B%22beecoup-a.akamaihd.net/loaders/%5BA-Z%2Ca-z%2C0-9%5D+/l.js%22%5D%7D%2C%22revizer_s%22%3A%7B%22urls%22%3A%5B%22gim.mapopti.net%22%5D%7D%2C%22sterkly_s%22%3A%7B%22urls%22%3A%5B%22wac.edgecastcdn.net/800952/4d2cc865-d951-4ee0-addf-e4a06284de74%22%5D%7D%7D"
[-] Firefox preferences cleaned: "extensions.ace85a36c113a4928aa8688a31bd595e7aa144f8ac1f6481f991c18bf0472c970com50368.50368.publisher" -  "VisualBee"
[-] [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [6500 Bytes] - [01/07/2017 09:23:50]
C:\AdwCleaner\AdwCleaner[R0].txt - [12499 Bytes] - [30/03/2014 07:56:56]
C:\AdwCleaner\AdwCleaner[R1].txt - [3922 Bytes] - [03/05/2014 08:24:47]
C:\AdwCleaner\AdwCleaner[R2].txt - [1780 Bytes] - [22/05/2014 21:28:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [12254 Bytes] - [30/03/2014 07:58:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [3907 Bytes] - [03/05/2014 08:26:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [1857 Bytes] - [22/05/2014 21:28:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [6464 Bytes] - [01/07/2017 09:22:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7086 Bytes] ##########

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Looks like adwCleaner got the pc tech program.

Download the enclosed => file.Attached File  fixlist.txt   9.43KB   19 downloads Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.
  • 0

#5
Nayung116

Nayung116

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Kids (01-07-2017 10:06:58) Run:4
Running from C:\Users\Kids\Contacts\Desktop
Loaded Profiles: Kids (Available Profiles: Kids)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll -> No File
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (No File)
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
2014-02-02 11:48 - 2014-08-13 00:01 - 0000000 ____D () C:\Users\Kids\AppData\Local\Temp\avgnt.exe
2013-08-04 23:15 - 2013-08-04 23:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\Kids\AppData\Local\Temp\bdfilters.dll
2016-09-25 20:27 - 2016-09-25 20:27 - 1118360 _____ (� 2015 Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\BSvcProcessor.exe
2016-09-25 20:27 - 2016-09-25 20:27 - 0170128 _____ (� 2015 Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\BSvcUpdater.exe
2016-08-16 17:43 - 2016-08-16 17:43 - 0043008 _____ () C:\Users\Kids\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpht4ncu.dll
2014-05-14 03:22 - 2014-05-14 03:22 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\e6oxqekg.dll
2014-05-03 09:02 - 2009-07-13 18:15 - 0462848 _____ (Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\FirewallAPI.dll
2016-09-06 20:03 - 2016-09-06 20:03 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\GUR7475.exe
2016-09-06 20:03 - 2016-09-06 20:03 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\GURA3FD.exe
2016-10-19 15:24 - 2016-10-19 15:24 - 0737856 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-18 16:46 - 2017-01-18 16:46 - 0739904 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-19 20:49 - 2017-04-19 20:49 - 0739904 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u131-windows-au.exe
2015-03-04 15:28 - 2015-03-04 15:28 - 0561576 _____ (Oracle Corporation) C:\Users\Kids\AppData\Local\Temp\jre-8u40-windows-au.exe
2014-11-21 04:17 - 2014-11-21 04:17 - 0000000 _____ () C:\Users\Kids\AppData\Local\Temp\ncjewmqd.dll
2014-10-03 17:54 - 2014-10-03 17:54 - 0465408 _____ () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-1.3.2.525-native.32.dll
2014-09-01 16:21 - 2014-09-01 16:21 - 0465408 ____N () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-1.3.3.54-native.32.dll
2014-09-21 16:57 - 2014-11-02 18:53 - 0465408 ____N () C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-native.32.dll
2014-03-02 13:39 - 2014-03-13 15:13 - 0918016 _____ () C:\Users\Kids\AppData\Local\Temp\Quarantine.exe
2014-02-05 04:05 - 2014-02-05 04:05 - 0009216 _____ () C:\Users\Kids\AppData\Local\Temp\SendMsg.dll
2014-04-27 14:16 - 2014-04-27 14:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll
2014-04-30 11:52 - 2014-04-30 11:52 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite20810.dll
2014-04-27 14:46 - 2014-04-27 14:46 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite24026.dll
2014-04-29 19:45 - 2014-04-29 19:45 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite28196.dll
2014-04-27 20:16 - 2014-04-27 20:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite30136.dll
2014-05-01 18:07 - 2014-05-01 18:07 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite58916.dll
2014-04-28 16:14 - 2014-04-28 16:14 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite63873.dll
2014-04-30 12:02 - 2014-04-30 12:02 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite70396.dll
2014-05-01 22:38 - 2014-05-01 22:38 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite98985.dll
2014-04-30 17:57 - 2014-04-30 17:57 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite99965.dll
2017-04-15 13:58 - 2017-04-15 13:58 - 14456872 _____ (Microsoft Corporation) C:\Users\Kids\AppData\Local\Temp\vc_redist.x86.exe
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File
CustomCLSID: HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kids\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll => No File 
Task: {989254BA-49C8-4349-9512-94F7BF64FD5B} - System32\Tasks\Information-firefoxinstaller => C:\Program Files (x86)\Information\Information-firefoxinstaller.exe <==== ATTENTION
C:\Program Files (x86)\Information
CMD: bitsadmin /reset /allusers
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt2 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt3 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt4 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt5 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt6 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt7 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt8 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt9 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully
HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe => not found.
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\wacommousefilter => key removed successfully
wacommousefilter => service removed successfully
HKLM\System\CurrentControlSet\Services\wacomvhid => key removed successfully
wacomvhid => service removed successfully
C:\Users\Kids\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\bdfilters.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\BSvcProcessor.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\BSvcUpdater.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpht4ncu.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\e6oxqekg.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\FirewallAPI.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\GUR7475.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\GURA3FD.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\jre-8u111-windows-au.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\jre-8u40-windows-au.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\ncjewmqd.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-1.3.2.525-native.32.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-1.3.3.54-native.32.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\OpenComputersMod-native.32.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\Quarantine.exe => moved successfully
C:\Users\Kids\AppData\Local\Temp\SendMsg.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite20810.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite24026.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite28196.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite30136.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite58916.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite63873.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite70396.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite98985.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\System.Data.SQLite99965.dll => moved successfully
C:\Users\Kids\AppData\Local\Temp\vc_redist.x86.exe => moved successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-1945432696-1015937987-3417527920-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{989254BA-49C8-4349-9512-94F7BF64FD5B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{989254BA-49C8-4349-9512-94F7BF64FD5B} => key removed successfully
C:\windows\System32\Tasks\Information-firefoxinstaller => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-firefoxinstaller => key removed successfully
"C:\Program Files (x86)\Information" => not found.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {BAE1A37D-7F97-423E-9E16-8D79BA9E5C58}.
{6B61D9DA-4B4A-4C8B-8E9E-A0325620EB37} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65633536 B
Java, Flash, Steam htmlcache => 139285893 B
Windows/system/drivers => 343670472 B
Edge => 0 B
Chrome => 538245568 B
Firefox => 216545442 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 49808 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
Kids => 1258233538 B
 
RecycleBin => 148628440 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:12:31 ====

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hello 2 more scans to run JRT and Malwarebytes.

Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

    Next
    • Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
    • Reboot your computer if prompted.
    Posting the Malwarebytes log.
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • post that saved log to your next reply.
    In your next reply post;
  • The JRT.txt Log
  • Malwarebytes log

  • 0

#7
Nayung116

Nayung116

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

I'm not sure what to post for the AdwCleaner [C1].txt Log

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Kids (Administrator) on Sun 07/02/2017 at 18:33:12.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 11 
 
Successfully deleted: C:\Users\Kids\AppData\Local\{59E6C722-A035-4935-AA7A-D16677D3A028} (Empty Folder)
Successfully deleted: C:\Users\Kids\AppData\Local\{A237D359-D719-4673-9C23-A03B0844A939} (Empty Folder)
Successfully deleted: C:\Users\Kids\AppData\Local\{CE5FBDE0-74B4-4700-9DFA-F3C2032B35B4} (Empty Folder)
Successfully deleted: C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NU1HNM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HS4AC2XI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L33ACREP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z32Z7AG3 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NU1HNM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HS4AC2XI (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L33ACREP (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z32Z7AG3 (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/02/2017 at 18:37:51.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
 
 
Malwarebytes log:
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/2/17
Scan Time: 7:10 PM
Log File: boop.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2280
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MisterMagic\Kids
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357226
Threats Detected: 25
Threats Quarantined: 25
Time Elapsed: 8 min, 25 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 12
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7054E672-778C-4582-94E9-56A07B85591C}, Quarantined, [249], [237509],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7054e672-778c-4582-94e9-56a07b85591c}, Quarantined, [249], [237509],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B353D28D-147E-47C1-9A5C-07A62DD50861}, Quarantined, [249], [237508],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b353d28d-147e-47c1-9a5c-07a62dd50861}, Quarantined, [249], [237508],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{27B5A3EE-1E99-4DD5-A89A-B497D0213470}, Quarantined, [249], [237487],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7054e672-778c-4582-94e9-56a07b85591c}, Quarantined, [249], [237487],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{70C71212-9E49-4584-B882-A110CB45FC78}, Quarantined, [249], [237488],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a37804e0-4c35-486f-9197-5b486daf6aa6}, Quarantined, [249], [237488],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b353d28d-147e-47c1-9a5c-07a62dd50861}, Quarantined, [249], [237486],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D879CF14-9E9F-43B0-98B1-99CF3CD61087}, Quarantined, [249], [237488],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555035568}, Quarantined, [249], [324197],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a37804e0-4c35-486f-9197-5b486daf6aa6}, Quarantined, [249], [237510],1.0.2280
 
Registry Value: 13
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7054e672-778c-4582-94e9-56a07b85591c}|APPNAME, Quarantined, [249], [237509],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b353d28d-147e-47c1-9a5c-07a62dd50861}|APPNAME, Quarantined, [249], [237508],1.0.2280
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|INFORMATION-BG.EXE, Quarantined, [1022], [260099],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{27B5A3EE-1E99-4DD5-A89A-B497D0213470}|APPNAME, Quarantined, [249], [237487],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7054e672-778c-4582-94e9-56a07b85591c}|APPNAME, Quarantined, [249], [237487],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{70C71212-9E49-4584-B882-A110CB45FC78}|APPNAME, Quarantined, [249], [237488],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a37804e0-4c35-486f-9197-5b486daf6aa6}|APPNAME, Quarantined, [249], [237488],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b353d28d-147e-47c1-9a5c-07a62dd50861}|APPNAME, Quarantined, [249], [237486],1.0.2280
PUP.Optional.CrossRider, HKU\S-1-5-21-1945432696-1015937987-3417527920-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D879CF14-9E9F-43B0-98B1-99CF3CD61087}|APPNAME, Quarantined, [249], [237488],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555035568}|, Quarantined, [249], [324197],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7054e672-778c-4582-94e9-56a07b85591c}|APPNAME, Quarantined, [249], [237509],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a37804e0-4c35-486f-9197-5b486daf6aa6}|APPNAME, Quarantined, [249], [237510],1.0.2280
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b353d28d-147e-47c1-9a5c-07a62dd50861}|APPNAME, Quarantined, [249], [237508],1.0.2280
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by Nayung116, 02 July 2017 - 08:26 PM.

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hello,

I'm not sure what to post for the AdwCleaner [C1].txt Log

That was my typo sorry about that.

We should be running better now. If not what issues remain and in what browser ? Run the computer for a while and let me know.
  • 0

#9
Nayung116

Nayung116

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Yes, my computer seems to be running much better now.


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hello,

We need to remove the tools we used and then close the topic.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#11
Nayung116

Nayung116

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
# DelFix v1.010 - Logfile created 04/07/2017 at 08:52:13
# Updated 26/04/2015 by Xplode
# Username : Kids - MISTERMAGIC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Kids\Contacts\Desktop\Addition.txt
Deleted : C:\Users\Kids\Contacts\Desktop\adwcleaner_6.047.exe
Deleted : C:\Users\Kids\Contacts\Desktop\Fixlog.txt
Deleted : C:\Users\Kids\Contacts\Desktop\FRST.txt
Deleted : C:\Users\Kids\Contacts\Desktop\FRST64.exe
Deleted : C:\Users\Kids\Contacts\Desktop\JRT.exe
Deleted : C:\Users\Kids\Contacts\Desktop\JRT.txt
Deleted : C:\Users\Kids\Downloads\adwcleaner_3.210.exe
Deleted : C:\Users\Kids\Downloads\adwcleaner_6.047 (1).exe
Deleted : C:\Users\Kids\Downloads\adwcleaner_6.047.exe
Deleted : C:\Users\Kids\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Kids\Downloads\FRST64.exe
Deleted : C:\Users\Kids\Downloads\JRT (1).exe
Deleted : C:\Users\Kids\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #225 [Scheduled Checkpoint | 06/21/2017 13:49:22]
Deleted : RP #226 [Scheduled Checkpoint | 06/29/2017 07:00:05]
Deleted : RP #228 [Restore Point Created by FRST | 07/01/2017 17:07:10]
Deleted : RP #229 [Windows Update | 07/02/2017 10:00:26]
Deleted : RP #230 [JRT Pre-Junkware Removal | 07/03/2017 01:33:13]
Deleted : RP #231 [Windows Update | 07/03/2017 10:00:27]
Deleted : RP #232 [Windows Update | 07/04/2017 10:00:57]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Looks good, if there are no further issues we can close the topic.

Thanks
Joe
  • 0

#13
Nayung116

Nayung116

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Thank you for all your help!  :)


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
You're welcome !

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP