Solved The Viking has new computer problems

[The Viking]

Hi Broni,

I posted the following on the general forums page a week ago ... there were a few replies from some members, but no attempt to clean or fix my computer were made.

You have helped me in the past and I'm sure I could use your help again. As usual, I have no idea how I got infected again.

Original post:
https://www.techspot.com/community/topics/files-wont-open-in-windows-7.235995/#post-1609386

I've had computer problems for the past 2 weeks ... some of the symptoms are (These happen intermittently):

- Can't open Task Manager by double clicking task bar.
- Can't open Hearts or other files and games in Start menu.
- Avast presents with "We're embarrassed ... can't open" screen with 2 options (1 Exit. 2 Retry). And Avast is disabled. Even in Safe Mode.
- When I run a full virus scan with Avast, even after an hour, I'm presented with a "progress" screen that shows 0% even after an hour.
- Hotmail/Outlook (email service) won't open.
- On Start Menu, Restart and/or Shut Down do nothing.
- File folders take forever to load and/or populate.
- Sometimes when a web page doesn't load, there's a message in the bottom left that says, "resolving host". Page is usually still trying to load and usually never completes ... endless loop?
- Links on some pages don't load, although the busy little arrowed circle (top left) seems to be trying.

Broni has helped me in the past with issues ... he's very good at fixing problems.

Thank you,

Dennis

 

[Broni]

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[The Viking]

Hi again Broni,

I just ran Farbar and will post the logs right after this question ...

I still have JRT and TFC on my desktop. Do you want me to uninstall them and then reinstall them when the time comes?
Here are the 2 Farbar logs ...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Dennis (administrator) on DENNIS-PC (22-05-2017 21:50:08)
Running from C:\Users\Dennis\Desktop
Loaded Profiles: Dennis (Available Profiles: Dennis & July14-2014)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
() C:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-19] (AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-05-05] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9772248 2017-05-05] (Piriform Ltd)
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2017-05-19] (Glarysoft Ltd)
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-19] (AVAST Software)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicyScripts-x32: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.144.19 64.59.150.135
Tcpip\..\Interfaces\{3F03EB82-C645-4B1F-953B-0034968DACA2}: [DhcpNameServer] 64.59.144.19 64.59.150.135

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxps://files.pcpitstop.com/cab/pcmatic.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: ktc8jgaw.default
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default [2017-05-22]
FF Extension: (Avast SafePrice) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default\Extensions\sp@avast.com.xpi [2017-05-08]
FF Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default\Extensions\wrc@avast.com.xpi [2017-05-08]
FF Extension: (QuickJava) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-11-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-17] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-911639588-1509253152-2454761001-1000: jpl.nasa.gov/NASAEyes -> C:\Users\Dennis\NASA's Eyes\npNASAEyes.dll [2016-07-13] (Jet Propulsion Laboratory)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR Profile: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default [2016-11-21]
CHR Extension: (Google Slides) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-18]
CHR Extension: (Google Docs) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-18]
CHR Extension: (Google Drive) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-18]
CHR Extension: (YouTube) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-11-18]
CHR Extension: (Avast SafePrice) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-18]
CHR Extension: (Avast SafePrice) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadmpfijfcmokecmkgolhbaeclfage [2016-11-18]
CHR Extension: (Google Sheets) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-18]
CHR Extension: (Gmail) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-18]
CHR Profile: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-05-22]
CHR Extension: (Google Docs) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-20]
CHR Extension: (Google Wallet) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-19] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-19] (AVAST Software)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-05-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-10-02] (Visicom Media Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2015-11-19] (Microsoft Corporation) [File not signed]
S3 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-02-01] (RaMMicHaeL)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-19] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-19] (AVAST Software)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77440 2017-05-05] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-11-07] (Glarysoft Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-22] (Malwarebytes)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28624 2016-07-13] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-21] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-07] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

[The Viking]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 21:50 - 2017-05-22 21:52 - 00022717 _____ C:\Users\Dennis\Desktop\FRST.txt
2017-05-22 21:30 - 2017-05-22 21:50 - 00000000 ____D C:\FRST
2017-05-22 21:29 - 2017-05-22 21:29 - 02429952 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2017-05-22 21:26 - 2017-05-22 21:26 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-22 11:02 - 2017-05-22 21:41 - 00183986 _____ C:\Windows\ntbtlog.txt
2017-05-20 17:41 - 2017-05-20 17:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-05-20 17:27 - 2017-05-20 17:27 - 00425304 _____ (Secure By Design Inc.) C:\Users\Dennis\Downloads\Ninite Shockwave Installer.exe
2017-05-20 16:43 - 2017-05-20 16:43 - 09548112 _____ (Piriform Ltd) C:\Users\Dennis\Downloads\ccsetup530.exe
2017-05-19 19:43 - 2017-04-16 01:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-19 19:43 - 2017-04-16 00:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-19 19:43 - 2017-04-16 00:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-19 19:43 - 2017-04-15 23:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-19 19:42 - 2017-04-27 18:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-19 19:42 - 2017-04-27 18:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-19 19:42 - 2017-04-27 18:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-19 19:42 - 2017-04-27 18:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-19 19:42 - 2017-04-27 18:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-19 19:42 - 2017-04-27 18:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-19 19:42 - 2017-04-27 18:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-19 19:42 - 2017-04-27 17:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-19 19:42 - 2017-04-27 17:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-19 19:42 - 2017-04-27 17:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-19 19:42 - 2017-04-27 17:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-19 19:42 - 2017-04-27 17:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-19 19:42 - 2017-04-27 17:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-19 19:42 - 2017-04-27 17:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-19 19:42 - 2017-04-27 17:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-19 19:42 - 2017-04-27 17:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-19 19:42 - 2017-04-27 17:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-19 19:42 - 2017-04-27 17:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-19 19:42 - 2017-04-27 17:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-19 19:42 - 2017-04-27 17:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-19 19:42 - 2017-04-27 17:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-19 19:42 - 2017-04-27 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-19 19:42 - 2017-04-27 17:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-19 19:42 - 2017-04-27 17:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-19 19:42 - 2017-04-27 17:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-19 19:42 - 2017-04-27 17:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-19 19:42 - 2017-04-27 17:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-19 19:42 - 2017-04-26 07:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-19 19:42 - 2017-04-21 08:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-19 19:42 - 2017-04-21 08:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-19 19:42 - 2017-04-19 17:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-19 19:42 - 2017-04-19 16:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-19 19:42 - 2017-04-17 08:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-19 19:42 - 2017-04-17 08:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-19 19:42 - 2017-04-17 08:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-19 19:42 - 2017-04-17 08:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-19 19:42 - 2017-04-17 08:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-19 19:42 - 2017-04-17 08:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-19 19:42 - 2017-04-17 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-19 19:42 - 2017-04-17 08:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-19 19:42 - 2017-04-17 07:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-19 19:42 - 2017-04-16 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-19 19:42 - 2017-04-16 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-19 19:42 - 2017-04-16 01:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-19 19:42 - 2017-04-16 01:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-19 19:42 - 2017-04-16 01:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-19 19:42 - 2017-04-16 01:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-19 19:42 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-19 19:42 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-19 19:42 - 2017-04-16 01:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-19 19:42 - 2017-04-16 01:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-19 19:42 - 2017-04-16 01:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-19 19:42 - 2017-04-16 01:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-19 19:42 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-19 19:42 - 2017-04-16 01:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-19 19:42 - 2017-04-16 01:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-19 19:42 - 2017-04-16 01:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-19 19:42 - 2017-04-16 01:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-19 19:42 - 2017-04-16 01:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-19 19:42 - 2017-04-16 01:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-19 19:42 - 2017-04-16 01:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-19 19:42 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-19 19:42 - 2017-04-16 01:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-19 19:42 - 2017-04-16 01:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-19 19:42 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-19 19:42 - 2017-04-16 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-19 19:42 - 2017-04-16 01:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-19 19:42 - 2017-04-16 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-19 19:42 - 2017-04-16 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-19 19:42 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-19 19:42 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-19 19:42 - 2017-04-16 00:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-19 19:42 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-19 19:42 - 2017-04-16 00:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-19 19:42 - 2017-04-16 00:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-19 19:42 - 2017-04-16 00:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-19 19:42 - 2017-04-16 00:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-19 19:42 - 2017-04-16 00:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-19 19:42 - 2017-04-16 00:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-19 19:42 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-19 19:42 - 2017-04-16 00:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-19 19:42 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-19 19:42 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-19 19:42 - 2017-04-16 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-19 19:42 - 2017-04-16 00:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-19 19:42 - 2017-04-16 00:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-19 19:42 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-19 19:42 - 2017-04-16 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-19 19:42 - 2017-04-16 00:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-19 19:42 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-19 19:42 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-19 19:42 - 2017-04-16 00:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-19 19:42 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-19 19:42 - 2017-04-16 00:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-19 19:42 - 2017-04-16 00:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-19 19:42 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-19 19:42 - 2017-04-16 00:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-19 19:42 - 2017-04-16 00:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-19 19:42 - 2017-04-15 23:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-19 19:42 - 2017-04-15 23:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-19 19:42 - 2017-04-15 23:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-19 19:42 - 2017-04-15 23:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-19 19:42 - 2017-04-15 23:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-19 19:42 - 2017-04-12 08:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-19 19:42 - 2017-04-12 08:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-19 19:42 - 2017-04-12 08:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-19 19:42 - 2017-04-12 08:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-19 19:42 - 2017-04-12 08:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-19 19:42 - 2017-04-12 08:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-19 19:42 - 2017-04-12 08:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-19 19:42 - 2017-04-12 08:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-19 19:42 - 2017-04-07 08:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-19 19:42 - 2017-04-07 08:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-19 19:42 - 2017-04-07 08:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-19 19:42 - 2017-04-07 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-19 19:42 - 2017-04-07 08:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-19 19:42 - 2017-04-05 07:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-19 19:42 - 2017-04-05 07:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-19 19:42 - 2017-04-05 07:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-19 19:42 - 2017-04-04 08:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-19 19:42 - 2017-04-04 08:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-19 19:42 - 2017-04-04 08:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-19 19:42 - 2017-04-04 07:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-19 19:42 - 2017-04-04 07:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-19 19:42 - 2017-03-10 09:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-19 19:42 - 2017-03-10 09:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-19 19:42 - 2017-03-10 09:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-19 19:42 - 2017-03-10 09:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-19 19:42 - 2017-03-10 08:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-19 19:42 - 2017-03-10 08:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-19 19:42 - 2017-03-10 08:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-19 19:42 - 2017-03-09 09:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-19 19:42 - 2017-03-09 09:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-19 19:41 - 2015-05-25 11:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2017-05-19 19:41 - 2015-05-25 11:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2017-05-19 19:41 - 2015-05-25 11:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-05-19 19:41 - 2015-05-25 11:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2017-05-19 19:41 - 2015-05-25 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-05-19 19:41 - 2015-05-25 11:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2017-05-19 19:41 - 2015-05-25 11:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2017-05-19 19:41 - 2015-05-25 11:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2017-05-19 19:41 - 2015-05-25 11:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-05-19 19:41 - 2015-05-25 11:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2017-05-19 19:41 - 2015-05-25 11:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-05-19 19:41 - 2015-05-25 11:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2017-05-19 19:41 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2017-05-19 19:41 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2017-05-19 19:41 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2017-05-19 19:41 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2017-05-19 18:25 - 2015-07-22 17:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-05-19 18:25 - 2015-07-22 10:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-05-19 18:01 - 2017-05-19 18:01 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-19 14:33 - 2017-05-22 20:45 - 00000000 ____D C:\Users\Dennis\Desktop\Broni TechSpot May-19-2017
2017-05-19 13:00 - 2017-05-19 13:00 - 00000000 ____D C:\Users\Dennis\AppData\Local\{A60B9ED0-0279-40B2-94FC-FB7C6438D6DE}
2017-05-17 15:08 - 2017-05-17 15:08 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Google
2017-05-16 09:36 - 2017-05-16 17:04 - 00000253 _____ C:\Users\Dennis\Desktop\iihf worlds 2017.url
2017-05-14 23:01 - 2017-05-14 23:01 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2017-05-14 19:55 - 2017-05-20 19:58 - 00007617 _____ C:\Users\Dennis\Desktop\Computer Problems May 2017.txt
2017-05-09 04:36 - 2017-05-18 23:04 - 00000000 ____D C:\Windows\system32\DBBK
2017-05-08 21:24 - 2015-09-14 14:03 - 00039672 _____ C:\Windows\system32\Drivers\rvecschg.sys
2017-04-29 20:10 - 2017-04-29 20:11 - 00076726 _____ C:\Users\Dennis\Downloads\cc_20170429_201055.reg
2017-04-29 12:47 - 2017-05-22 21:16 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-04-26 12:38 - 2017-04-26 12:38 - 00000021 _____ C:\Users\Dennis\Desktop\Vanessa.txt
2017-04-25 20:44 - 2017-04-25 20:44 - 09390672 _____ (Piriform Ltd) C:\Users\Dennis\Downloads\ccsetup529.exe
2017-04-25 20:05 - 2017-04-25 20:07 - 183722868 _____ (Stellarium team ) C:\Users\Dennis\Downloads\stellarium-0.15.2-win64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

 

[The Viking]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


2017-05-22 21:52 - 2013-06-15 15:35 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\NetSpeedMonitor
2017-05-22 21:49 - 2016-11-07 00:28 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-05-22 21:49 - 2014-01-22 15:27 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-05-22 21:47 - 2017-04-03 12:35 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-22 21:45 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-22 19:57 - 2009-07-13 22:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-22 19:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-05-22 19:06 - 2009-07-13 21:45 - 00033024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-22 19:06 - 2009-07-13 21:45 - 00033024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-22 18:58 - 2017-02-14 14:50 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-05-22 18:27 - 2015-11-25 12:52 - 00000000 ____D C:\Users\Dennis\Downloads\Java Dec-12-2015
2017-05-22 17:57 - 2017-04-15 00:52 - 00003316 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2017-05-22 17:57 - 2017-04-15 00:52 - 00002976 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2017-05-22 17:57 - 2017-03-29 21:40 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2017-05-22 17:57 - 2016-11-07 00:29 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-05-22 16:34 - 2015-07-07 02:40 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-05-22 13:34 - 2016-03-27 13:36 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-22 11:45 - 2015-05-13 12:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-20 16:59 - 2017-04-03 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-20 16:56 - 2014-05-30 15:57 - 00000000 ____D C:\Users\Dennis\AppData\Local\CrashDumps
2017-05-20 10:47 - 2015-07-16 02:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-20 10:32 - 2017-03-17 20:11 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-20 01:42 - 2015-07-10 01:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-19 23:26 - 2016-02-22 13:07 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-19 23:26 - 2016-02-22 13:07 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-19 20:45 - 2016-11-21 13:11 - 00000000 ____D C:\Users\Dennis\AppData\LocalLow\Mozilla
2017-05-19 20:16 - 2016-01-31 23:10 - 00434120 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-19 20:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-19 20:06 - 2014-08-10 02:50 - 00758176 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-19 20:00 - 2013-08-22 14:26 - 00000000 ____D C:\Windows\system32\MRT
2017-05-19 19:56 - 2014-08-27 15:42 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-19 18:03 - 2017-04-08 10:54 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1472757305
2017-05-19 18:02 - 2016-07-30 06:31 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-19 18:01 - 2016-07-30 06:31 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-19 18:01 - 2016-07-30 06:31 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-19 18:01 - 2016-07-30 06:31 - 00158368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.149524213361902
2017-05-19 18:01 - 2016-07-30 06:31 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-19 18:01 - 2016-07-30 06:31 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-19 18:01 - 2016-07-30 06:31 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-19 18:01 - 2016-07-30 06:31 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-19 18:00 - 2017-03-17 20:11 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-19 18:00 - 2017-03-17 20:11 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-19 18:00 - 2017-03-17 20:11 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-19 18:00 - 2017-03-17 20:11 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-19 18:00 - 2016-07-30 06:31 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-19 18:00 - 2016-07-30 06:31 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-19 17:46 - 2013-01-24 10:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-19 17:45 - 2014-08-09 23:26 - 00000000 ____D C:\Users\Dennis
2017-05-19 17:43 - 2016-10-27 01:49 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-05-19 17:43 - 2016-09-02 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-05-19 17:43 - 2016-05-02 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2017-05-19 17:38 - 2015-07-20 01:56 - 00000000 ____D C:\Users\July14-2014
2017-05-19 17:38 - 2014-12-14 15:52 - 00000000 ____D C:\Users\test
2017-05-19 17:37 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-19 17:37 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Offline Web Pages
2017-05-19 17:37 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-05-19 17:37 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2017-05-19 17:37 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2017-05-19 17:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\TAPI
2017-05-19 17:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Msdtc
2017-05-19 17:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ias
2017-05-19 17:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-05-19 17:33 - 2015-12-03 14:11 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-05-19 17:33 - 2011-03-23 02:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-19 17:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-05-19 17:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\oobe
2017-05-19 17:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-19 17:32 - 2009-07-13 21:45 - 00000000 ____D C:\Windows\Setup
2017-05-19 17:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2017-05-19 17:31 - 2013-05-16 09:38 - 00000000 ____D C:\Windows\pss
2017-05-19 17:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\security
2017-05-19 17:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PLA
2017-05-19 17:29 - 2016-12-28 14:57 - 00000000 ___RD C:\Users\Dennis\Desktop\WD Elements 1TB Hard-Drive
2017-05-19 17:29 - 2016-11-24 15:49 - 00000000 ____D C:\Users\Dennis\Documents\atlant22
2017-05-19 17:29 - 2016-09-27 20:22 - 00000000 ___RD C:\Users\Dennis\Desktop\Thunder Pics for Teela Painting Sept27-2016
2017-05-19 17:29 - 2016-07-21 19:25 - 00000000 ___RD C:\Users\Dennis\Desktop\Space Stuff
2017-05-19 17:29 - 2016-07-16 00:34 - 00000000 ____D C:\Users\Dennis\NASA's Eyes
2017-05-19 17:29 - 2016-07-10 11:43 - 00000000 ___RD C:\Users\Dennis\Desktop\Haircut Pics
2017-05-19 17:29 - 2016-07-10 11:12 - 00000000 ___RD C:\Users\Dennis\Desktop\Debut Video Capture
2017-05-19 17:29 - 2016-05-23 19:03 - 00000000 ___RD C:\Users\Dennis\Desktop\Weyerhaeuser
2017-05-19 17:29 - 2016-01-25 17:28 - 00000000 ___RD C:\Users\Dennis\Desktop\Desktop Cats
2017-05-19 17:29 - 2016-01-25 17:26 - 00000000 ___RD C:\Users\Dennis\Desktop\Work from Home - Ways to Make Money
2017-05-19 17:29 - 2016-01-19 18:32 - 00000000 ____D C:\Users\Dennis\Downloads\sigcheck
2017-05-19 17:29 - 2016-01-04 13:03 - 00000000 ___RD C:\Users\Dennis\Desktop\How to Use G-Mail Jan-4-2016
2017-05-19 17:29 - 2015-12-10 01:25 - 00000000 ___RD C:\Users\Dennis\Desktop\DO THIS Jan-25-2016
2017-05-19 17:29 - 2015-10-20 22:46 - 00000000 ___RD C:\Users\Dennis\Desktop\My 2016 on Christmas Wish List
2017-05-19 17:29 - 2015-09-06 11:55 - 00000000 ___RD C:\Users\Dennis\Desktop\Train
2017-05-19 17:29 - 2015-08-15 20:16 - 00000000 ___RD C:\Users\Dennis\Desktop\PRESSING ITEMS Aug15-2015
2017-05-19 17:29 - 2015-07-04 22:47 - 00000000 ____D C:\Users\Dennis\Downloads\ProcessExplorer
2017-05-19 17:29 - 2015-06-07 17:16 - 00000000 ____D C:\Users\Dennis\Downloads\Autoruns
2017-05-19 17:29 - 2015-04-22 19:43 - 00000000 ___RD C:\Users\Dennis\Desktop\Cars of Mine
2017-05-19 17:29 - 2015-02-14 12:28 - 00000000 ____D C:\Users\Dennis\Desktop\How to Geek Important Article Links
2017-05-19 17:29 - 2015-01-06 01:40 - 00000000 ___RD C:\Users\Dennis\Desktop\Standard Word Docs & Others
2017-05-19 17:29 - 2014-09-25 23:40 - 00000000 ___RD C:\Users\Dennis\Documents\Notes
2017-05-19 17:29 - 2014-08-23 10:21 - 00000000 ___RD C:\Users\Dennis\Desktop\Desktop Shortcuts Aug23-2014
2017-05-19 17:29 - 2014-05-24 09:28 - 00000000 ___RD C:\Users\Dennis\Documents\Moody Knot
2017-05-19 17:29 - 2014-03-22 14:48 - 00000000 ___RD C:\Users\Dennis\Documents\Standard Word Docs & Others
2017-05-19 17:29 - 2013-11-03 22:12 - 00000000 ___SD C:\Users\Dennis\Documents\My Data Sources
2017-05-19 17:29 - 2013-09-29 18:59 - 00000000 ___RD C:\Users\Dennis\Documents\Red Cross
2017-05-19 17:29 - 2013-06-12 12:16 - 00000000 ___RD C:\Users\Dennis\Documents\My Kitty Cats - June12-13
2017-05-19 17:29 - 2013-02-08 10:33 - 00000000 ____D C:\Users\Dennis\Downloads\atlant22
2017-05-19 17:29 - 2012-11-17 17:10 - 00000000 ___RD C:\Users\Dennis\Documents\Recipes July28-2015
2017-05-19 17:29 - 2012-07-28 10:42 - 00000000 ___RD C:\Users\Dennis\Documents\FUNNY **** July28-12
2017-05-19 17:29 - 2012-07-28 10:42 - 00000000 ___RD C:\Users\Dennis\Documents\Funny Pics & Jokes July1-10
2017-05-19 17:29 - 2012-06-28 23:53 - 00000000 ___RD C:\Users\Dennis\Documents\Intrepid July20-2010
2017-05-19 17:29 - 2012-06-28 23:53 - 00000000 ___RD C:\Users\Dennis\Documents\Hotmail Stuff
2017-05-19 17:29 - 2012-06-28 23:53 - 00000000 ___RD C:\Users\Dennis\Documents\CRC
2017-05-19 17:29 - 2012-06-28 23:53 - 00000000 ___RD C:\Users\Dennis\Documents\Cops Speeding
2017-05-19 17:29 - 2012-06-28 23:53 - 00000000 ___RD C:\Users\Dennis\Documents\ALL JOE
2017-05-19 17:29 - 2012-06-28 23:53 - 00000000 ____D C:\Users\Dennis\Documents\OpenOffice.org 3.3 (en-GB) Installation Files
2017-05-19 17:29 - 2012-06-28 23:53 - 00000000 ____D C:\Users\Dennis\Documents\Icons
2017-05-19 17:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2017-05-19 17:27 - 2014-12-16 18:34 - 00000000 ___RD C:\Users\Dennis\Desktop\ALL Photos on Acer as of Dec16-2014 Add any after
2017-05-19 17:27 - 2014-08-23 13:37 - 00000000 ___RD C:\Users\Dennis\Desktop\All files from My Docs - Aug23-2014
2017-05-19 17:26 - 2017-04-17 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-05-19 17:26 - 2017-04-04 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2017-05-19 17:26 - 2017-02-01 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-05-19 17:26 - 2016-11-11 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-19 17:26 - 2016-11-07 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2017-05-19 17:26 - 2016-07-30 06:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-05-19 17:26 - 2016-07-10 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2017-05-19 17:26 - 2016-07-10 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-05-19 17:26 - 2016-06-11 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-05-19 17:26 - 2016-05-27 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-19 17:26 - 2016-05-11 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-05-19 17:26 - 2016-05-01 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2017-05-19 17:26 - 2016-03-27 15:23 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-19 17:26 - 2016-03-27 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-19 17:26 - 2016-03-23 04:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2017-05-19 17:26 - 2016-01-29 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-05-19 17:26 - 2016-01-22 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2017-05-19 17:26 - 2016-01-19 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EULAlyzer
2017-05-19 17:26 - 2016-01-13 01:01 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quick Cribbage 3.2
2017-05-19 17:26 - 2015-12-13 16:10 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\BlueLabsSoftware
2017-05-19 17:26 - 2015-12-12 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python Tools for Visual Studio 2015
2017-05-19 17:26 - 2015-12-12 19:10 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2017-05-19 17:26 - 2015-12-12 18:48 - 00000000 ____D C:\Users\Dennis\.swt
2017-05-19 17:26 - 2015-12-12 18:25 - 00000000 ____D C:\Users\Dennis\.android
2017-05-19 17:26 - 2015-12-12 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2017-05-19 17:26 - 2015-12-12 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-05-19 17:26 - 2015-12-12 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2017-05-19 17:26 - 2015-12-12 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-05-19 17:26 - 2015-12-12 16:52 - 00000000 ____D C:\ProgramData\NuGet
2017-05-19 17:26 - 2015-12-12 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2017-05-19 17:26 - 2015-12-12 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2017-05-19 17:26 - 2015-07-04 03:40 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\qBittorrent
2017-05-19 17:26 - 2014-12-14 15:09 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-05-19 17:26 - 2014-08-10 01:40 - 00000000 ____D C:\Users\Default\AppData\Local\Downloaded Installations
2017-05-19 17:26 - 2014-08-10 01:40 - 00000000 ____D C:\Users\Default User\AppData\Local\Downloaded Installations
2017-05-19 17:26 - 2014-08-09 18:45 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-05-19 17:26 - 2014-08-09 18:45 - 00000000 ____D C:\Users\Dennis\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-05-19 17:26 - 2014-08-09 09:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc
2017-05-19 17:26 - 2014-08-08 14:32 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Skype
2017-05-19 17:26 - 2014-08-08 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2017-05-19 17:26 - 2014-08-02 13:44 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\TP-LINK
2017-05-19 17:26 - 2014-05-17 17:29 - 00000000 ____D C:\Users\Dennis\AppData\Local\Microsoft_Research
2017-05-19 17:26 - 2013-05-02 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-19 17:26 - 2012-11-04 16:58 - 00000000 ____D C:\Users\Dennis\AppData\Local\Cyberlink
2017-05-19 17:26 - 2012-02-11 22:10 - 00000000 ____D C:\Users\Dennis\AppData\Local\Microsoft Help
2017-05-19 17:25 - 2017-04-03 12:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-19 17:25 - 2016-10-21 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-19 17:25 - 2016-10-15 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-19 17:25 - 2016-07-30 00:04 - 00000000 ____D C:\ProgramData\Avg
2017-05-19 17:25 - 2016-02-12 02:42 - 00000000 ____D C:\Program Files\CCleaner
2017-05-19 17:25 - 2014-12-16 19:48 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2017-05-19 17:25 - 2013-06-15 15:29 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2017-05-19 17:25 - 2013-05-02 14:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-19 17:25 - 2013-05-02 14:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-19 17:25 - 2012-10-27 09:31 - 00000000 ____D C:\ProgramData\504462DE1EDFE46200005044129FEA40
2017-05-19 17:25 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-05-19 17:25 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-19 17:24 - 2017-02-14 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-05-19 17:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-05-19 16:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Vss
2017-05-19 16:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\spool
2017-05-19 16:49 - 2012-12-11 11:04 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-19 16:38 - 2009-07-13 21:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-05-19 16:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2017-05-19 16:25 - 2015-06-01 10:16 - 00000000 ____D C:\Users\Dennis\Downloads\WinX DVD Ripper Platinum
2017-05-19 16:24 - 2015-07-05 04:40 - 00000000 ____D C:\Users\Dennis\Downloads\asms
2017-05-19 16:24 - 2012-06-28 23:53 - 00000000 ____D C:\Users\Dennis\Documents\Where I've Lived
2017-05-19 16:24 - 2012-06-28 23:53 - 00000000 ____D C:\Users\Dennis\Documents\IQ ****
2017-05-19 16:18 - 2015-06-16 13:47 - 00000000 ____D C:\Users\Dennis\Desktop\Holder Folder 4 Recent Desktop Charla Stuff June27-2015
2017-05-19 16:09 - 2014-12-16 15:50 - 00000000 ____D C:\Users\Dennis\Desktop\ALL Program Files
2017-05-19 16:03 - 2016-10-15 14:00 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Mozilla
2017-05-19 16:03 - 2016-07-30 00:09 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\AVG
2017-05-19 16:03 - 2016-07-16 00:34 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\JPL-NASA-Caltech
2017-05-19 16:03 - 2015-06-01 10:18 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Digiarty
2017-05-19 16:03 - 2015-03-15 15:51 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\GlarySoft
2017-05-19 16:03 - 2014-12-13 22:50 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\OpenOffice
2017-05-19 16:03 - 2014-08-02 15:06 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Adobe
2017-05-19 16:03 - 2012-06-29 09:37 - 00000000 ____D C:\Users\Dennis\AppData\LocalLow\Sun
2017-05-19 16:02 - 2017-04-08 12:43 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-05-19 16:02 - 2016-03-27 13:41 - 00000000 ____D C:\Users\Dennis\AppData\Local\Steam
2017-05-19 16:02 - 2015-12-12 21:14 - 00000000 ____D C:\Users\Dennis\.dnx
2017-05-19 16:02 - 2015-12-12 18:46 - 00000000 ____D C:\Users\Dennis\.eclipse
2017-05-19 16:02 - 2015-12-12 17:16 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2017-05-19 16:02 - 2015-11-04 21:15 - 00000000 ____D C:\Users\Dennis\AppData\Local\CEF
2017-05-19 16:02 - 2014-12-14 15:09 - 00000000 ____D C:\Users\Dennis\AppData\Local\VS Revo Group
2017-05-19 16:02 - 2012-06-29 09:39 - 00000000 ____D C:\Users\Dennis\AppData\LocalLow\Oracle
2017-05-19 16:02 - 2012-01-26 21:23 - 00000000 ____D C:\Users\Dennis\AppData\Local\Microsoft Games
2017-05-19 16:02 - 2012-01-26 13:12 - 00000000 ____D C:\Users\Dennis\AppData\Local\VirtualStore
2017-05-19 16:01 - 2015-06-01 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2017-05-19 16:01 - 2015-05-13 15:07 - 00000000 ____D C:\ProgramData\Panda Security
2017-05-19 15:55 - 2014-08-03 20:11 - 00000000 ____D C:\ProgramData\Auslogics
2017-05-19 15:55 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\MSBuild
2017-05-19 15:50 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-19 15:49 - 2016-07-30 00:04 - 00000000 ____D C:\Program Files (x86)\AVG
2017-05-15 21:03 - 2015-01-04 13:33 - 00067985 _____ C:\Users\Dennis\Desktop\E-S-I April-12-2016.txt
2017-05-10 09:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2017-05-10 05:07 - 2016-01-30 22:10 - 00114432 _____ C:\Users\Dennis\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-09 21:05 - 2016-03-27 15:06 - 00000000 ____D C:\Windows\Minidump
2017-05-09 16:37 - 2017-04-03 12:34 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-03 12:38 - 2016-07-30 00:04 - 00000000 ____D C:\Users\Dennis\AppData\Local\AvgSetupLog
2017-04-28 08:58 - 2015-08-26 12:33 - 00000434 _____ C:\Users\Dennis\Desktop\Connecting all The Connections Aug26-2015.txt
2017-04-28 08:19 - 2017-04-06 14:46 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 08:19 - 2017-04-06 14:46 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-27 14:38 - 2015-05-13 23:25 - 00000794 _____ C:\Windows\SysWOW64\BroomData.bit
2017-04-25 20:09 - 2016-05-02 17:41 - 00000000 ____D C:\Program Files\Stellarium
2017-04-25 20:09 - 2015-03-15 19:14 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Stellarium
2017-04-25 19:47 - 2013-01-19 01:26 - 00000000 ____D C:\Program Files\Java
2017-04-25 19:44 - 2016-11-22 21:16 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-04-25 19:43 - 2014-08-08 07:52 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-25 19:38 - 2017-01-22 23:14 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

 

[The Viking]

==================== Files in the root of some directories =======



2016-02-29 18:04 - 2001-09-29 22:31 - 0314931 ____R () C:\Program Files\binkw32.dll
2016-02-29 18:05 - 2001-09-29 22:31 - 0314931 ____R () C:\Program Files (x86)\binkw32.dll
2015-04-19 05:20 - 2015-05-16 23:33 - 0000626 _____ () C:\Users\Dennis\AppData\Roaming\UAAiRCB
2015-09-19 16:03 - 2015-09-19 16:03 - 0000000 ____H () C:\Users\Dennis\AppData\Local\BITF1DC.tmp
2015-05-23 23:30 - 2016-05-10 17:30 - 0007609 _____ () C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
2015-05-11 16:11 - 2015-05-11 16:11 - 0000000 _____ () C:\Users\Dennis\AppData\Local\Temp.dat
2015-09-19 16:02 - 2015-09-19 16:02 - 0000000 _____ () C:\Users\Dennis\AppData\Local\{0147C1A4-0867-4628-965A-2458D52B04FF}
2015-09-13 20:10 - 2015-09-13 20:10 - 0000000 _____ () C:\Users\Dennis\AppData\Local\{29F61D3B-734C-4494-88B0-8B2CECF5C349}

Some files in TEMP:
====================
2017-05-22 21:38 - 2017-05-22 21:38 - 0000000 _____ () C:\Users\Dennis\AppData\Local\Temp\4vch0uvt.dll
2017-05-22 11:53 - 2017-05-22 21:49 - 0192512 _____ () C:\Users\Dennis\AppData\Local\Temp\sfamcc00001.dll
2017-05-22 11:53 - 2017-05-22 21:49 - 0158720 _____ () C:\Users\Dennis\AppData\Local\Temp\sfareca00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-13 23:15

==================== End of FRST.txt ============================

 

[The Viking]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Dennis (22-05-2017 21:53:09)
Running from C:\Users\Dennis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-08-10 09:26:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-911639588-1509253152-2454761001-500 - Administrator - Disabled)
Dennis (S-1-5-21-911639588-1509253152-2454761001-1000 - Administrator - Enabled) => C:\Users\Dennis
Guest (S-1-5-21-911639588-1509253152-2454761001-501 - Limited - Disabled)
July14-2014 (S-1-5-21-911639588-1509253152-2454761001-1166 - Limited - Enabled) => C:\Users\July14-2014

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3 castles (HKLM-x32\...\3 castles) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1510 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1510 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{AFADB5DC-3ABC-421F-9DAD-BDABE511258B}) (Version: 4.0.51117.1 - Microsoft Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Blast Thru Special Edition (HKLM-x32\...\Blast Thru Special Edition) (Version: - )
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Celestia 1.6.1 (HKLM-x32\...\Celestia_is1) (Version: - Shatters Software)
Clang with Microsoft CodeGen (HKLM-x32\...\{f744d40c-987a-4ffe-bdbd-f17779e8b336}) (Version: 14.0.24717.0 - Microsoft Corporation)
Clang with Microsoft CodeGen (x32 Version: 14.0.24717 - Microsoft Corporation) Hidden
CodedUITestUAP (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Colors of War Special Edition (HKLM-x32\...\Colors of War Special Edition) (Version: - )
Cribbage (HKLM-x32\...\Cribbage) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dart Mania (HKLM-x32\...\Dart Mania) (Version: - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Drop (HKLM-x32\...\Drop) (Version: - )
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eGames Master's Edition 151 (HKLM-x32\...\eGames Master's Edition 151) (Version: - )
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
EULAlyzer 2.2 (HKLM-x32\...\EULAlyzer_is1) (Version: 2.2.0 - BrightFort LLC)
Fishing Special Edition (HKLM-x32\...\Fishing Special Edition) (Version: - )
Galaxy Explorer (HKLM-x32\...\Galaxy Explorer) (Version: - )
Galaxy of Games 201 (HKLM-x32\...\Galaxy of Games 201) (Version: - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Git version 1.9.5-preview20141217 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
Glary Utilities 5.76 (HKLM-x32\...\Glary Utilities 5) (Version: 5.76.0.97 - Glarysoft Ltd)
Gonzo Heads (HKLM-x32\...\Gonzo Heads) (Version: - )
Google Chrome (HKLM-x32\...\{16C1182D-6E13-3989-A4BC-360B106D5C4E}) (Version: 58.0.3029.110 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 111 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
Jigsaw USA Special Edition (HKLM-x32\...\Jigsaw USA Special Edition) (Version: - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Aces (HKLM-x32\...\Just Aces) (Version: - )
Kits Configuration Installer (x32 Version: 10.0.26624 - Microsoft) Hidden
Krazy 8's (HKLM-x32\...\Krazy 8's) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Exploit version 1.9.1.1403 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1403 - Malwarebytes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Max Mix Foto (HKLM-x32\...\Max Mix Foto) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{5642384f-2a89-46d3-acd5-bfe8bf6e8b2f}) (Version: 14.0.24720.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Apache Cordova (HKLM-x32\...\{f1f9315b-9cfe-418e-9b77-f09b865eb91c}) (Version: 14.0.51016.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM-x32\...\{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}) (Version: 5.0.3 - Microsoft Research)
Milton Bradley Classic Board Games (HKLM-x32\...\ClassicBoard) (Version: - )
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MVP Word Search (HKLM-x32\...\MVP Word Search) (Version: - )
MyWinLocker (Version: 4.0.14.29 - Egis Technology Inc.) Hidden
NASA World Wind 1.4 (HKLM-x32\...\NASA World Wind 1.4) (Version: - )
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Night Sky Explorer (HKLM-x32\...\Night Sky Explorer) (Version: - )
Node.js (HKLM-x32\...\{69735668-F8BC-4E9A-839A-4006FDFDD5AC}) (Version: 0.12.2 - Joyent, Inc. and other Node contributors)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.3.4 - Panda Security)
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Puzzle Master 2 Special Edition (HKLM-x32\...\Puzzle Master 2 Special Edition) (Version: - )
Python Tools 2.2.1 for Visual Studio 2015 (HKLM-x32\...\{2E8FE507-8C06-44D0-932C-829DDB9A1A88}) (Version: 2.2.31105.00 - Microsoft Corporation)
qBittorrent 3.3.12 (HKLM-x32\...\qBittorrent) (Version: 3.3.12 - The qBittorrent project)
QSS Installation Program (HKLM-x32\...\{153898EE-EECA-471E-8E33-C8485EA84C07}) (Version: 7.0 - TP-LINK)
Quick Cribbage 3.2 (remove only) (HKLM-x32\...\Quick Cribbage 3.2) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Rings of the Magi (HKLM-x32\...\Rings of the Magi) (Version: - )
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Should I Remove It (HKU\S-1-5-21-911639588-1509253152-2454761001-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sid Meier's Civilization III: Complete (HKLM\...\Steam App 3910) (Version: - Firaxis Games)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellarium 0.15.2 (HKLM\...\Stellarium_is1) (Version: 0.15.2 - Stellarium team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TP-LINK TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.3 - Tweaking.com)
TypeScript Power Tool (x32 Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.4.0 (HKLM-x32\...\{33e2204a-4ec6-4458-895a-47e2a404d990}) (Version: 1.7.24720.0 - Microsoft Corporation)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual C++ for Mobile Development (Android support) (HKLM-x32\...\{b94f21f2-787e-4df5-9c33-44e904e6133f}) (Version: 14.0.24706.0 - Microsoft Corporation)
Visual C++ for Mobile Development (iOS support) (HKLM-x32\...\{c4289f41-e61c-48ad-b3c0-8882b79858a6}) (Version: 14.0.24706.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WinAppDeploy (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E65EDBCC-C437-45DF-96BE-46B672317F41}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WorldWide Telescope Add-in for Excel (HKLM-x32\...\{8AC4CA26-65CF-49CF-8E6E-7F2ABFDB48C2}) (Version: 1.0.8.0 - Microsoft Research)

==================== Custom CLSID (Whitelisted): ==========================

 

[The Viking]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-911639588-1509253152-2454761001-1000\...\ChromeHTML: -> <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B5731B-81F2-4EC3-93F7-E6A78CEC5FDE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {01FD9E88-1D5C-4D5C-B027-44905D56CFBE} - \{A4D119AD-C096-4B5C-931B-D49EA0BC455B} -> No File <==== ATTENTION
Task: {06657702-D07E-493E-AFA3-9CDCF65D59E5} - \{A9BECC6A-075D-47CB-BE45-EFC3FC5BDD57} -> No File <==== ATTENTION
Task: {0C259E26-C39D-4CDC-8DDA-39A2FCED1360} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1332D201-8C0F-445C-AD3A-84FC417DC0EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {17566480-963B-4FF1-83AC-2C5EF3263EB0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {17E4C680-79FE-4A71-A2B1-D2049CF693E0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1AAEDCEB-A832-41CD-A5CD-0A20395CF4AC} - \{DAD12C1E-8A7C-4FA6-8EAF-69E7515BB526} -> No File <==== ATTENTION
Task: {1E6BD08A-4B2A-4DC1-815E-B7B9E66835D0} - \{0A240DE6-D580-4708-A8E4-E8BBB89F2C47} -> No File <==== ATTENTION
Task: {2CF02A3D-00E0-473E-8E3B-A26DF27D4EB0} - \{4730C46C-F492-4AFA-B322-837D4F66EB9E} -> No File <==== ATTENTION
Task: {352B5983-711D-4F58-B7DE-5388A371962A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-911639588-1509253152-2454761001-1000
Task: {44CC5E7E-5404-4F4B-AF2F-9F38EE9812E7} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Task: {46AF8A30-039E-4E75-A44E-1F026E6A4B78} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {46E2D7E0-38B0-42D4-816D-29C79304D317} - \{292BFEB6-69DB-483D-936A-73DD0D85715A} -> No File <==== ATTENTION
Task: {4799E38C-0CBA-42B1-BD0C-CEB562F4F3F9} - \{5F0DB654-2FA3-4B39-B7FD-14A89C09BF74} -> No File <==== ATTENTION
Task: {4B5E6163-AA9F-439D-970E-58D1AC753CB1} - System32\Tasks\SafeZone scheduled Autoupdate 1472757305 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {4E99EFE3-AFCE-470B-8B51-67FB942BE95A} - \{B00EBB49-21A5-462E-9C75-4374A97D70B1} -> No File <==== ATTENTION
Task: {63B00F20-B0C2-4CDD-B30A-57120609B1CA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-27] (Adobe Systems Incorporated)
Task: {68613A73-BBF6-4974-BFAC-AC4727EB37DC} - \{11107795-E43B-41AA-B8EC-614D14DD6588} -> No File <==== ATTENTION
Task: {7533C6E1-4933-4622-82C1-F2995DAA4981} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D198FFE-E042-4251-8D3F-540ACD30C1CB} - \{7B42FC4E-C0C5-4507-9FA1-BAE85C59409E} -> No File <==== ATTENTION
Task: {8D21ACD0-1266-4C04-BE8F-AC7979E3B953} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8DC102BD-1A91-4275-90F6-D056AA1D7711} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-05] (Piriform Ltd)
Task: {95C13CF1-2A48-41EF-BB7F-80D93E761AC2} - \{B52B9A4B-0AD2-4CA8-9017-0CA55492C0ED} -> No File <==== ATTENTION
Task: {96B8877E-F8E7-4F81-8B74-62E95DED744A} - \{64B1B802-3E47-4877-9C9C-D765CD0DCAC1} -> No File <==== ATTENTION
Task: {98C5E5CA-DCEF-42E7-84F8-8543FAABB0A8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9FFA7276-06D0-4CFC-BE07-65078AF944F9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {A720DE7C-D3B9-475C-BCDB-D19707A52E63} - \{A41C09DE-E5AB-4B28-B663-46265207EBB8} -> No File <==== ATTENTION
Task: {B1FE28B2-846C-45DC-ABDF-2C83A873DD81} - \{A75D8957-83E2-4797-ABBC-2330F3818F93} -> No File <==== ATTENTION
Task: {BA2CDA69-079D-4CDA-8A07-3A1208F3B4A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BB7CD59C-422A-4405-A828-8661DE9354A5} - \{B83B3AA3-A9F4-47A0-B291-202D1AF24BBE} -> No File <==== ATTENTION
Task: {BE2F70BB-A188-4DD2-9C73-A123BD7EF0D7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C3B8BF92-B474-468F-8D92-80AA3CC78604} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-17] (Adobe Systems Incorporated)
Task: {CE4C2578-7525-4D94-84EC-C5DCADB20E36} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-05-19] (Glarysoft Ltd)
Task: {D0CD5625-4204-4BE1-B0F8-6ACB09EDD8FF} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-19] (AVAST Software)
Task: {D6F8A9CB-FC7A-49F7-A62B-37281AFBC635} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-05-19] (Glarysoft Ltd)
Task: {D7E267E2-BEB9-4EF1-A0A5-B4B971FBACEF} - \{AD2FCC52-0255-46F7-8A1F-838844B0E33B} -> No File <==== ATTENTION
Task: {E0725081-AB62-4F39-B957-09E292CEABC2} - \{F6AEAF93-E6EB-4E8A-9670-3EBC2DF41FF3} -> No File <==== ATTENTION
Task: {EA6B60EB-4401-4675-B1B2-A28DF5182DCB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FB686C50-12FD-4204-986C-29E127B8EC1C} - \{677388A6-0D23-4C3E-8A8B-1621C1D85333} -> No File <==== ATTENTION
Task: {FDD5E831-838D-4227-AE25-22911E0A9267} - \Alarm Reminder TV -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"
ShortcutWithArgument: C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-05-19 18:00 - 2017-05-19 18:00 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-05-19 18:01 - 2017-05-19 18:01 - 00825960 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-05-19 18:01 - 2017-05-19 18:01 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-06-29 11:01 - 2016-06-29 11:01 - 08166536 _____ () C:\Program Files (x86)\SpeedFan\speedfan.exe
2017-05-19 18:00 - 2017-05-19 18:00 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-19 18:01 - 2017-05-19 18:01 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-19 18:01 - 2017-05-19 18:01 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-22 11:20 - 2017-05-22 11:20 - 05980160 _____ () C:\Program Files\AVAST Software\Avast\defs\17052202\algo.dll
2017-05-19 18:01 - 2017-05-19 18:01 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-19 18:00 - 2017-05-19 18:00 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2017-05-10 05:16 - 2017-05-10 05:16 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-19 18:01 - 2017-05-19 18:01 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-19 18:00 - 2017-05-19 18:00 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2011-03-23 01:51 - 2009-05-19 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2017-05-19 00:52 - 2017-05-19 00:52 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2017-05-22 11:53 - 2017-05-22 21:49 - 00158720 _____ () C:\Users\Dennis\AppData\Local\Temp\sfareca00001.dll
2017-05-22 11:53 - 2017-05-22 21:49 - 00192512 _____ () C:\Users\Dennis\AppData\Local\Temp\sfamcc00001.dll
2017-05-20 11:59 - 2017-05-20 11:59 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\40a6f3329f8f77c7304e6692d16bac04\IsdiInterop.ni.dll
2011-03-23 01:07 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-04-29 19:30 - 00002053 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.144.19 - 64.59.150.135
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Software Updater Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4D3EBBE5-3610-4E43-88EF-409A43945EE2}C:\program files (x86)\hasbro interactive\classic games\classicboard.exe] => (Block) C:\program files (x86)\hasbro interactive\classic games\classicboard.exe
FirewallRules: [TCP Query User{1E6D625F-E8ED-4220-A623-D9BADFFCDF7D}C:\program files (x86)\hasbro interactive\classic games\classicboard.exe] => (Block) C:\program files (x86)\hasbro interactive\classic games\classicboard.exe
FirewallRules: [UDP Query User{1491BCB4-C7BC-41F1-9784-11B1604D7B7C}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
FirewallRules: [TCP Query User{B348E1F6-6219-403E-9666-22DEB29D5331}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
FirewallRules: [UDP Query User{FAC282EB-063B-401B-A740-312349B86B51}C:\program files (x86)\hasbro interactive\classic games\classicboard.exe] => (Allow) C:\program files (x86)\hasbro interactive\classic games\classicboard.exe
FirewallRules: [TCP Query User{A91C7BD5-DAE2-4072-A679-F6AD6582BCB9}C:\program files (x86)\hasbro interactive\classic games\classicboard.exe] => (Allow) C:\program files (x86)\hasbro interactive\classic games\classicboard.exe
FirewallRules: [{E2D946DC-EBCB-4BE3-9EFF-1D40D727BCD6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B4FE153E-7A7C-40A6-A16C-5400386CB1E5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{DE6055F8-5575-48E2-89E5-E13D2A7E8EC9}] => (Allow) LPort=1900
FirewallRules: [{72416202-0E26-4FF5-A9A0-22BBA3623CD4}] => (Allow) LPort=2869
FirewallRules: [{BF151FD1-3E4E-421E-8FA7-489D9B03DA94}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFB5AA90-533B-4873-98D4-1FC47DE3ECFB}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{259D2015-59C5-45AE-AC07-A3F121771CE8}C:\program files (x86)\java\jdk1.7.0_55\bin\javaw.exe] => (Block) C:\program files (x86)\java\jdk1.7.0_55\bin\javaw.exe
FirewallRules: [UDP Query User{7FF34ADC-32C2-4E15-9AE2-6A5E821FD5C3}C:\program files (x86)\java\jdk1.7.0_55\bin\javaw.exe] => (Block) C:\program files (x86)\java\jdk1.7.0_55\bin\javaw.exe
FirewallRules: [TCP Query User{7BBB4D5F-7195-47DE-A636-8DC5CA957C2D}D:\inf1.exe] => (Allow) D:\inf1.exe
FirewallRules: [UDP Query User{ACE4C587-CDB8-48AD-81A7-1D550B21F998}D:\inf1.exe] => (Allow) D:\inf1.exe
FirewallRules: [{FA820720-4BCA-4E91-982F-7AA11F958463}] => (Block) D:\inf1.exe
FirewallRules: [{4D696EBE-1DE3-472F-89B3-86351DD90570}] => (Block) D:\inf1.exe
FirewallRules: [{82B99E6B-2015-48C6-A05B-8BA8B5FD773C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1E1B07E6-EA48-42E6-816F-49FEFCCA1A44}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A60B1A3-412A-4654-BAA4-46EB565D87AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79D7B01C-23FD-429A-9CE0-FD19DB39ADB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7AD62B3B-B4F1-4A59-9AC0-C8AABAA6B48E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{7A99A633-1A09-42F4-8D3C-AE98A01323C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{89AA8E89-B577-4406-A18A-A84E6D14655D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{B6F894FE-9D56-4CBF-B3FF-5434886353D8}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{12612AE4-3893-44EF-9D32-8738FFE0F80F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6562F5B-241E-43AC-800C-CAA524627AD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{079685F3-2728-4CC6-A4E3-D9BA520B5451}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4FBA4A13-7B1D-4134-8AD4-8515060D0CD0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{29CA0291-94D3-422B-9268-CE9241734627}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{AE697682-62FD-44B4-B41A-63E7B92C710A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{04C392A7-A27A-42D2-AEEC-7A9F22EBD381}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{1EF8D77D-46D1-4A72-9B93-572292AEB8DB}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{6D99A4CF-501F-4860-90CF-FC4C9D01FBD8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_3\SZBrowser.exe
FirewallRules: [{B1A96C6B-CA6E-46D9-B2FA-B8B79AABC318}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_2\SZBrowser.exe
FirewallRules: [{75D6C0E6-58C5-4060-B61F-A200C29114E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-05-2017 00:33:20 Restore Operation
10-05-2017 05:47:11 Windows Update
13-05-2017 13:00:17 Windows Update
16-05-2017 19:08:40 Windows Update
19-05-2017 15:37:50 Restore Operation
19-05-2017 19:50:36 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: JumpStart Wireless Filter Driver
Description: JumpStart Wireless Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: JSWPSLWF
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2017 09:43:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/22/2017 05:56:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Dennis\Downloads\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/22/2017 11:39:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/22/2017 11:39:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/22/2017 11:37:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/22/2017 11:35:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/22/2017 11:35:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\inspect.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\inspect.exe" on line 8.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (05/22/2017 11:35:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\accevent.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\accevent.exe" on line 8.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (05/22/2017 11:35:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\AccScope\accscope.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\AccScope\accscope.exe" on line 8.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (05/22/2017 11:35:23 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\AppPerfAnalyzer\appperfanalyzer_js.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\AppPerfAnalyzer\appperfanalyzer_js.exe" on line 8.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (05/22/2017 09:48:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (05/22/2017 09:47:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
JSWPSLWF

Error: (05/22/2017 09:45:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/22/2017 09:45:55 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (05/22/2017 09:45:55 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (05/22/2017 09:41:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/22/2017 09:41:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/22/2017 09:41:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/22/2017 09:41:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/22/2017 09:41:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswSnx
aswSP
aswVmm
discache
ESProtectionDriver
GUBootStartup
JSWPSLWF
SASDIFSV
SASKUTIL
spldr
Wanarpv6


CodeIntegrity:
===================================
Date: 2016-07-28 00:28:49.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-28 00:28:48.749
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-28 00:24:12.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-28 00:24:11.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 12:00:37.127
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 12:00:35.146
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kvbirssu.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 00:39:51.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 00:39:51.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 19:40:11.321
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 19:40:09.465
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\bvdyxblz.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 46%
Total physical RAM: 5814.71 MB
Available physical RAM: 3126.71 MB
Total Virtual: 11627.6 MB
Available Virtual: 9312.16 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:581.07 GB) (Free:19.57 GB) NTFS
Drive d: (MBCLASSIC) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0C5461D0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[The Viking]

Hi Broni,
I'm just checking to see if you've received the Fubar logs I sent Monday.
The Viking

 

[Broni]

I still have JRT and TFC on my desktop. Do you want me to uninstall them and then reinstall them when the time comes?

No.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[The Viking]

Hi Broni,
I downloaded RK from Link 1. It seemed to install correctly.
I ran it, clicked Scan Now twice, it ran for 9.5 minutes, then became unresponsive.
I had to close the program. I haven't uninstalled RK yet.

When I closed it, my desktop appeared with no icons, taskbar, or Start Menu ...
I had to pull the power connection and restart in Safe Mode to send this message.

Dennis (The Viking)

 

[The Viking]

I ran it again ... hope I'm posting the right stuff.
RK never showed Scan Finished, and I didn't see any delete button.

RogueKiller V12.10.10.0 (x64) [May 22 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/24/2017 00:55:23 (Duration : 00:41:24)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4} -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Software Updater -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Software Updater -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3F03EB82-C645-4B1F-953B-0034968DACA2} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3F03EB82-C645-4B1F-953B-0034968DACA2} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3F03EB82-C645-4B1F-953B-0034968DACA2} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Dennis\AppData\Local\Maxiget Download Manager -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++
--- User ---
[MBR] 1270e99397505f6a29bb28d6fba6b77b
[BSP] 6405f3d78146af69af854483140bc135 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 595018 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

[The Viking]

Report Details
Program RogueKiller V12.10.10.0 (x64) [May 22 2017] (Free) by Adlice Software
Operating System Windows 7 (6.1.7601 Service Pack 1) 64 bits version
User Dennis [Administrator]
Started in Normal mode
Started from Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode Date : 05/24/2017 00:55:23 (Duration : 00:41:24)

Registry
Detection Name Path Key/Value Data Status
PUP.Gen0 CLSID (X64) HKEY_CLASSES_ROOT\CLSID {9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4} Found
PUP.Gen1 SOFTWARE (X64) HKEY_USERS\S-1-5-21-911639588-1509253152-2454761001-1000\Software Software Updater Found
PUP.Gen1 SOFTWARE (X86) HKEY_USERS\S-1-5-21-911639588-1509253152-2454761001-1000\Software Software Updater Found
PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters DhcpNameServer 64.59.144.19 64.59.150.135 ([Canada][Canada]) Found
PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters DhcpNameServer 64.59.144.19 64.59.150.135 ([Canada][Canada]) Found
PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters DhcpNameServer 64.59.144.19 64.59.150.135 ([Canada][Canada]) Found
PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3F03EB82-C645-4B1F-953B-0034968DACA2} DhcpNameServer 64.59.144.19 64.59.150.135 ([Canada][Canada]) Found
PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3F03EB82-C645-4B1F-953B-0034968DACA2} DhcpNameServer 64.59.144.19 64.59.150.135 ([Canada][Canada]) Found
PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3F03EB82-C645-4B1F-953B-0034968DACA2} DhcpNameServer 64.59.144.19 64.59.150.135 ([Canada][Canada]) Found

 

[Broni]

Go on..

 

[The Viking]

Hi Broni,
Did RogueKiller run to your satisfaction?
I'm posting the Malwarebytes log below, but I have to go out and do some business for a few hours ... I complete the other steps when I get back, if that's okay.

Dennis

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/24/17
Scan Time: 11:56 AM
Log File: Malawarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2013
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dennis-PC\Dennis

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 480749
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

[The Viking]

# AdwCleaner v6.047 - Logfile created 24/05/2017 at 12:35:02
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-23.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dennis - DENNIS-PC
# Running from : C:\Users\Dennis\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found: panda_url_filtering


***** [ Folders ] *****

Folder Found: C:\Users\Dennis\AppData\Local\MaxiGet Download Manager
Folder Found: C:\Program Files\Panda Security URL Filtering
Folder Found: C:\ProgramData\Auslogics
Folder Found: C:\ProgramData\Application Data\Auslogics
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\pandasecuritytb
Folder Found: C:\quardata


***** [ Files ] *****

File Found: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_mysearch.avg.com_0.localstorage
File Found: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_surveymyopinion.researchnow.com_0.localstorage
File Found: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.metrolyrics.com_0.localstorage


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Software Updater Service
Key Found: HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Classes\bndle
Key Found: HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Classes\Exent.GameTreatWidget
Key Found: HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Classes\Exent.GameTreatWidget.1
Key Found: HKCU\Software\Classes\bndle
Key Found: HKCU\Software\Classes\Exent.GameTreatWidget
Key Found: HKCU\Software\Classes\Exent.GameTreatWidget.1
Key Found: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
Key Found: [x64] HKCU\Software\Classes\bndle
Key Found: [x64] HKCU\Software\Classes\Exent.GameTreatWidget
Key Found: [x64] HKCU\Software\Classes\Exent.GameTreatWidget.1
Key Found: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
Key Found: HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found: HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Software Updater
Key Found: HKCU\Software\Software Updater
Key Found: HKLM\SOFTWARE\Auslogics
Key Found: [x64] HKCU\Software\Software Updater
Key Found: HKCU\SOFTWARE\Classes\ChromeHTML


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - ask.com
Chrome pref Found: [C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - search.conduit.com

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]


*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3463 Bytes] - [24/05/2017 12:35:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3536 Bytes] ##########

 

[The Viking]

Here is the AdwCleaner CX log ...

# AdwCleaner v6.047 - Logfile created 24/05/2017 at 12:49:17
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-23.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dennis - DENNIS-PC
# Running from : C:\Users\Dennis\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: panda_url_filtering


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Dennis\AppData\Local\MaxiGet Download Manager
[-] Folder deleted: C:\Program Files\Panda Security URL Filtering
[-] Folder deleted: C:\ProgramData\Auslogics
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Auslogics
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\pandasecuritytb
[-] Folder deleted: C:\quardata


***** [ Files ] *****

[-] File deleted: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_mysearch.avg.com_0.localstorage
[-] File deleted: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_surveymyopinion.researchnow.com_0.localstorage
[-] File deleted: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.metrolyrics.com_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Software Updater Service
[-] Key deleted: HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Classes\bndle
[-] Key deleted: HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Classes\Exent.GameTreatWidget
[-] Key deleted: HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Classes\Exent.GameTreatWidget.1
[#] Key deleted on reboot: HKCU\Software\Classes\bndle
[#] Key deleted on reboot: HKCU\Software\Classes\Exent.GameTreatWidget
[#] Key deleted on reboot: HKCU\Software\Classes\Exent.GameTreatWidget.1
[-] Key deleted: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\bndle
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Exent.GameTreatWidget
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Exent.GameTreatWidget.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key deleted: HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Software Updater
[#] Key deleted on reboot: HKCU\Software\Software Updater
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[#] Key deleted on reboot: [x64] HKCU\Software\Software Updater
[-] Key deleted: HKCU\SOFTWARE\Classes\ChromeHTML


***** [ Web browsers ] *****

[-] [C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: search.conduit.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3436 Bytes] - [24/05/2017 12:49:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [3639 Bytes] - [24/05/2017 12:35:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3582 Bytes] ##########

 

[The Viking]

Here's JRT ... going out for those couple of hours now.
Dennis (The Viking)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Dennis (Administrator) on 05/24/17 at 13:16:38.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPINDJUD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M275YMHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUQZKZGU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM3P9P1S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUU7QPI7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5L6VQAA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2YASMIH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1D1MU6B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPINDJUD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M275YMHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUQZKZGU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM3P9P1S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUU7QPI7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5L6VQAA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2YASMIH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1D1MU6B (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/24/17 at 13:33:08.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[The Viking]

Hi Broni,

I disabled Avast Free before running ComboFix.
Internet did NOT disconnect once ComboFix started, so after about 1-2 minutes, I manually disconnected.

Once ComboFix completed, I checked my Desktop and there was no .txt file, so I manually "Saved as" Dennis ComboFix Desktop May-24-2017

Here is the log ...

ComboFix 17-05-16.01 - Dennis 05/24/17 17:47:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5815.4027 [GMT -7:00]
Running from: c:\users\Dennis\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Recent\Best Way to Back Up your Computer.url
c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Recent\Best way to give Feedback to Win product team July15-2016.url
.
.
((((((((((((((((((((((((( Files Created from 2017-04-25 to 2017-05-25 )))))))))))))))))))))))))))))))
.
.
2017-05-25 01:03 . 2017-05-25 01:03 -------- d-----w- c:\users\test\AppData\Local\temp
2017-05-25 01:03 . 2017-05-25 01:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-05-25 01:03 . 2017-05-25 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-05-24 19:56 . 2017-05-24 19:56 -------- d-----w- c:\programdata\SWCUTemp
2017-05-24 19:20 . 2017-05-24 19:49 -------- d-----w- C:\AdwCleaner
2017-05-24 02:55 . 2017-05-24 09:02 -------- d-----w- c:\programdata\RogueKiller
2017-05-24 02:55 . 2017-05-24 02:55 -------- d-----w- c:\program files\RogueKiller
2017-05-23 04:30 . 2017-05-23 05:05 -------- d-----w- C:\FRST
2017-05-20 02:43 . 2017-04-16 08:35 25741312 ----a-w- c:\windows\system32\mshtml.dll
2017-05-20 02:43 . 2017-04-16 07:10 15250944 ----a-w- c:\windows\system32\ieframe.dll
2017-05-20 02:41 . 2015-05-25 18:19 113664 ----a-w- c:\windows\system32\sechost.dll
2017-05-20 01:25 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
2017-05-20 01:25 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2017-05-20 01:01 . 2017-05-20 01:01 400456 ----a-w- c:\windows\system32\aswBoot.exe
2017-05-15 06:01 . 2017-05-15 06:01 -------- d-----w- c:\windows\SysWow64\Adobe
2017-05-09 11:36 . 2017-05-19 06:04 -------- d-----w- c:\windows\system32\DBBK
2017-05-09 04:24 . 2015-09-14 21:03 39672 ----a-w- c:\windows\system32\drivers\rvecschg.sys
2017-04-26 02:41 . 2017-04-26 02:41 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-05-25 00:32 . 2017-04-03 19:35 251832 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-05-24 07:55 . 2014-12-16 10:52 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-05-20 02:56 . 2014-08-27 22:42 156335152 -c--a-w- c:\windows\system32\MRT.exe
2017-05-20 01:02 . 2016-07-30 13:31 158880 ----a-w- c:\windows\system32\drivers\aswstm.sys
2017-05-20 01:01 . 2016-07-30 13:31 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-05-20 01:01 . 2016-07-30 13:31 569192 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-05-20 01:01 . 2016-07-30 13:31 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-05-20 01:01 . 2016-07-30 13:31 339696 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-05-20 01:01 . 2016-07-30 13:31 128648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-05-20 01:01 . 2016-07-30 13:31 101152 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-05-20 01:00 . 2016-07-30 13:31 32600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-05-20 01:00 . 2016-07-30 13:31 1007160 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-05-20 01:00 . 2017-03-18 03:11 49016 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-05-20 01:00 . 2017-03-18 03:11 334576 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-05-20 01:00 . 2017-03-18 03:11 190256 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-05-20 01:00 . 2017-03-18 03:11 311808 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-05-09 23:37 . 2017-04-03 19:34 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-04-28 00:32 . 2017-05-20 02:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-04-26 02:44 . 2016-11-23 04:16 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-04-26 02:38 . 2017-01-23 06:14 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-04-17 17:45 . 2014-09-30 01:19 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-04-17 17:45 . 2014-09-30 01:19 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-03 19:35 . 2017-04-03 19:35 186304 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-04-03 19:35 . 2017-04-03 19:35 111544 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-04-03 19:35 . 2017-04-03 19:35 82720 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-04-03 19:35 . 2017-04-03 19:35 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-03-27 03:33 . 2017-03-27 03:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-03-27 03:33 . 2017-03-27 03:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-03-27 03:33 . 2017-03-27 03:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-03-27 03:33 . 2017-03-27 03:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-03-27 03:29 . 2017-03-27 03:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-27 03:29 . 2017-03-27 03:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-03-27 03:29 . 2017-03-27 03:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-03-27 03:29 . 2017-03-27 03:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-03-22 15:32 . 2017-04-16 06:17 3165184 ----a-w- c:\windows\system32\wucltux.dll
2017-03-22 15:32 . 2017-04-16 06:16 98816 ----a-w- c:\windows\system32\wudriver.dll
2017-03-22 15:32 . 2017-04-16 06:16 192512 ----a-w- c:\windows\system32\wuwebv.dll
2017-03-22 15:30 . 2017-04-16 06:16 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2017-03-22 15:24 . 2017-04-16 06:16 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2017-03-22 15:17 . 2017-04-16 06:17 2651136 ----a-w- c:\windows\system32\wuaueng.dll
2017-03-22 15:15 . 2017-04-16 06:17 709120 ----a-w- c:\windows\system32\wuapi.dll
2017-03-22 15:15 . 2017-04-16 06:16 37888 ----a-w- c:\windows\system32\wuapp.exe
2017-03-22 15:15 . 2017-04-16 06:16 140288 ----a-w- c:\windows\system32\wuauclt.exe
2017-03-22 15:15 . 2017-04-16 06:16 36864 ----a-w- c:\windows\system32\wups.dll
2017-03-22 15:15 . 2017-04-16 06:16 37888 ----a-w- c:\windows\system32\wups2.dll
2017-03-22 15:15 . 2017-04-16 06:16 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2017-03-22 15:05 . 2017-04-16 06:17 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2017-03-22 15:05 . 2017-04-16 06:16 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2017-03-22 15:05 . 2017-04-16 06:16 30208 ----a-w- c:\windows\SysWow64\wups.dll
2017-03-22 15:05 . 2017-04-16 06:16 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2017-03-10 16:35 . 2017-04-16 06:17 382696 ----a-w- c:\windows\system32\atmfd.dll
2017-03-10 16:31 . 2017-04-16 06:16 41472 ----a-w- c:\windows\system32\lpk.dll
2017-03-10 16:31 . 2017-04-16 06:16 100864 ----a-w- c:\windows\system32\fontsub.dll
2017-03-10 16:31 . 2017-04-16 06:16 14336 ----a-w- c:\windows\system32\dciman32.dll
2017-03-10 16:31 . 2017-04-16 06:16 46080 ----a-w- c:\windows\system32\atmlib.dll
2017-03-10 16:27 . 2017-04-16 06:17 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
2017-03-10 16:20 . 2017-04-16 06:16 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2017-03-10 16:19 . 2017-04-16 06:16 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2017-03-10 16:19 . 2017-04-16 06:16 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2017-03-10 15:53 . 2017-04-16 06:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2017-03-07 16:30 . 2017-04-16 06:16 85504 ----a-w- c:\windows\system32\asycfilt.dll
2017-03-07 16:17 . 2017-04-16 06:16 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2017-03-07 14:05 . 2017-04-16 06:16 243200 ----a-w- c:\windows\system32\rdpudd.dll
2017-03-04 01:27 . 2017-04-16 06:17 1574912 ----a-w- c:\windows\system32\quartz.dll
2017-03-04 01:27 . 2017-04-16 06:16 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll
2017-03-04 01:14 . 2017-04-16 06:17 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2017-03-04 01:14 . 2017-04-16 06:16 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll
2001-09-30 05:31 . 2016-03-01 01:05 314931 ----a-r- c:\program files (x86)\binkw32.dll
2001-09-30 05:31 . 2016-03-01 01:04 314931 ----a-r- c:\program files\binkw32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-05-05 9772248]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2017-05-19 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda"="reg.exe delete HKCU\Software\AppDataLow\Software\panda" [X]
"panda_XP"="reg.exe delete HKCU\Software\panda" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe"
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 panda_url_filteringd;panda_url_filteringd driver;c:\program files\Panda Security URL Filtering\panda_url_filteringd.sys;c:\program files\Panda Security URL Filtering\panda_url_filteringd.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 Unchecky;Unchecky;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - mwlPSDFilter
*Deregistered* - mwlPSDNServ
*Deregistered* - mwlPSDVDisk
*Deregistered* - X5XSEx_Pr143
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-05-20 01:01 1505952 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-05-20 01:01 1505952 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2016-10-14 1841496]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-05 860040]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
"GwxControlPanelMonitor"="c:\program files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" [2016-04-02 4596296]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-10 3146704]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-05-20 213824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 64.59.144.19 64.59.150.135
FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AppXSvc
SafeBoot-ClipSvc
SafeBoot-TweakingRemoveSafeBoot
SafeBoot-WSService
AddRemove-Panda Security URL Filtering - c:\program files\Panda Security URL Filtering\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_148_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_148_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_148_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_148_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.25"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_148.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-05-24 18:07:58
ComboFix-quarantined-files.txt 2017-05-25 01:07
.
Pre-Run: 30,078,840,832 bytes free
Post-Run: 29,701,898,240 bytes free
.
- - End Of File - - 5243F885C77CD7B21B53FB01FE5ED39F

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[The Viking]

I'll rerun Farbar as instructed but ...
I've moved all our recovery/scan tools from the Desktop to a new folder on the Desktop. Will that make any difference?

 

[Broni]

Well, at the end we'll run cleaning program which removes all tools we've been using so far.
If those tools are in some folder the program won't see them and you'll have to remove all tools manually.

 

[The Viking]

That's okay, I'll just move them back to the desktop before the final clean.
I was more concerned about your instructions so far to leave all cleaning tools on the desktop ... I just didn't want Farbar to behave differently because I had moved it.

I'll move it back to the desktop now, run it now and post once it's completed.
Thanks for all your hard work and dedication, Broni.

 

[The Viking]

I moved Farbar back to the desktop and opened it.
There was an error message "".
I clicked on "Scan" and got the following report:
(NOTE: It was too long so the post will be on 2 or more posts)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Dennis (administrator) on DENNIS-PC (24-05-2017 20:48:38)
Running from C:\Users\Dennis\Desktop
Loaded Profiles: Dennis (Available Profiles: Dennis & July14-2014)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-19] (AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9772248 2017-05-05] (Piriform Ltd)
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2017-05-19] (Glarysoft Ltd)
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-19] (AVAST Software)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicyScripts-x32: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.144.19 64.59.150.135
Tcpip\..\Interfaces\{3F03EB82-C645-4B1F-953B-0034968DACA2}: [DhcpNameServer] 64.59.144.19 64.59.150.135

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-911639588-1509253152-2454761001-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxps://files.pcpitstop.com/cab/pcmatic.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: ktc8jgaw.default
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default [2017-05-24]
FF Extension: (Avast SafePrice) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default\Extensions\sp@avast.com.xpi [2017-05-08]
FF Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default\Extensions\wrc@avast.com.xpi [2017-05-08]
FF Extension: (QuickJava) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ktc8jgaw.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-11-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-17] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-911639588-1509253152-2454761001-1000: jpl.nasa.gov/NASAEyes -> C:\Users\Dennis\NASA's Eyes\npNASAEyes.dll [2016-07-13] (Jet Propulsion Laboratory)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR Profile: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default [2016-11-21]
CHR Extension: (Google Slides) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-18]
CHR Extension: (Google Docs) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-18]
CHR Extension: (Google Drive) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-18]
CHR Extension: (YouTube) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-11-18]
CHR Extension: (Avast SafePrice) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-18]
CHR Extension: (Avast SafePrice) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadmpfijfcmokecmkgolhbaeclfage [2016-11-18]
CHR Extension: (Google Sheets) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-18]
CHR Extension: (Gmail) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-18]
CHR Profile: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-05-24]
CHR Extension: (Google Docs) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-20]
CHR Extension: (Google Wallet) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-19] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-19] (AVAST Software)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2015-11-19] (Microsoft Corporation) [File not signed]
S3 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-02-01] (RaMMicHaeL)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-19] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-19] (AVAST Software)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-11-07] (Glarysoft Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-24] (Malwarebytes)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28624 2016-07-13] () [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]

==================== NetSvcs (Whitelisted) ===================