Solved PRODUC~1.EXE : What is it and how do I remove it?

malsaurus

TS Member
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/11/18
Scan Time: 9:28 AM
Log File: 21881070-e551-11e8-9944-342387de9750.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7789
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TomDell\Tom

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 311889
Threats Detected: 133
Threats Quarantined: 133
Time Elapsed: 37 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 16
PUP.Optional.Yontoo, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, [33], [-1],0.0.0
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, [33], [-1],0.0.0
PUP.Optional.BDYahoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{295E555F-A5F0-42ED-917A-617F365F50E9}, Quarantined, [6826], [235700],1.0.7789
PUP.Optional.BDYahoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{295E555F-A5F0-42ED-917A-617F365F50E9}, Quarantined, [6826], [235700],1.0.7789
PUP.Optional.Yontoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\OldSearch, Quarantined, [33], [246105],1.0.7789
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2000}, Quarantined, [3], [253586],1.0.7789
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}, Quarantined, [3], [253586],1.0.7789
PUP.Optional.Yontoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}, Quarantined, [33], [246105],1.0.7789
PUP.Optional.iMeshMusicBoxTB, HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\iMeshIEHelper.DNSGuard.1, Quarantined, [6383], [239379],1.0.7789
PUP.Optional.iMeshMusicBoxTB, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{474597C5-AB09-49D6-A4D5-2E8D7341384E}, Quarantined, [6383], [239379],1.0.7789
PUP.Optional.iMeshMusicBoxTB, HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\iMeshIEHelper.DNSGuard, Quarantined, [6383], [239379],1.0.7789
PUP.Optional.ResultsHub, HKLM\SOFTWARE\WOW6432NODE\RESULTSHUB, Quarantined, [6], [242324],1.0.7789
PUP.Optional.RocketFind, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, Quarantined, [323], [242376],1.0.7789
PUP.Optional.RocketFind, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [323], [242376],1.0.7789
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [33], [160141],1.0.7789
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [33], [160141],1.0.7789

Registry Value: 22
PUP.Optional.Yontoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DONOTASKAGAIN, Quarantined, [33], [246380],1.0.7789
PUP.Optional.BDYahoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{295E555F-A5F0-42ED-917A-617F365F50E9}|URL, Quarantined, [6826], [235700],1.0.7789
PUP.Optional.Yontoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\OldSearch|URL, Quarantined, [33], [246105],1.0.7789
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2000}|URL, Quarantined, [3], [253586],1.0.7789
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [3], [-1],0.0.0
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [3], [-1],0.0.0
PUP.Optional.ASK, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2000}|SUGGESTIONSURL_JSON, Quarantined, [2], [258454],1.0.7789
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}|URL, Quarantined, [3], [253586],1.0.7789
PUP.Optional.ASK, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}|SUGGESTIONSURL_JSON, Quarantined, [2], [258454],1.0.7789
PUP.Optional.ASK, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}|DEFAULTSUGGESTIONURL, Quarantined, [2], [258454],1.0.7789
PUP.Optional.Yontoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}|URL, Quarantined, [33], [246105],1.0.7789
PUP.Optional.ResultsHub, HKLM\SOFTWARE\WOW6432NODE\RESULTSHUB|CG, Quarantined, [6], [242324],1.0.7789
PUP.Optional.Yontoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DONOTASKAGAIN, Quarantined, [33], [246380],1.0.7789
PUP.Optional.BDYahoo, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{295E555F-A5F0-42ED-917A-617F365F50E9}|URL, Quarantined, [6826], [235700],1.0.7789
PUP.Optional.RocketFind, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|URL, Quarantined, [323], [242376],1.0.7789
PUP.Optional.RocketFind, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|TOPRESULTURLFALLBACK, Quarantined, [323], [242376],1.0.7789
PUP.Optional.RocketFind, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL, Quarantined, [323], [242376],1.0.7789
PUP.Optional.RocketFind, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|TOPRESULTURLFALLBACK, Quarantined, [323], [242376],1.0.7789
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2000}|FAVICONPATH, Quarantined, [3], [253584],1.0.7789
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}|FAVICONPATH, Quarantined, [3], [253584],1.0.7789
PUP.Optional.NotChromeRun, HKU\S-1-5-21-252852572-1064671646-1800406956-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_5189939A0645355218FFECE1F1491836, Quarantined, [6894], [241243],1.0.7789
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DONOTASKAGAIN, Quarantined, [33], [246561],1.0.7789

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 8
PUP.Optional.OpenCandy, C:\Users\jl\AppData\Roaming\OpenCandy\39B986BD64224300A6EFF93BCDD8F515, Quarantined, [1081], [173202],1.0.7789
PUP.Optional.OpenCandy, C:\Users\jl\AppData\Roaming\OpenCandy\426D7886489D440F8CEFD27306A248F6, Quarantined, [1081], [173202],1.0.7789
PUP.Optional.OpenCandy, C:\USERS\JL\APPDATA\ROAMING\OPENCANDY, Quarantined, [1081], [173202],1.0.7789
PUP.Optional.ResultsHub, C:\PROGRAMDATA\3929CB63-CBBD-4B9C-8B92-A50FBD04E656, Quarantined, [6], [179199],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\USERS\TOM\APPDATA\ROAMING\{4CE77A5C-69B5-172A-0283-30F8DE51CDC6}, Quarantined, [704], [492406],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\USERS\TOM\APPDATA\LOCAL\{357E0322-11D6-6F9A-7C4E-4A725826B6EA}, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\USERS\TOM\APPDATA\LOCAL\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}, Quarantined, [704], [484244],1.0.7789

File: 87
PUP.Optional.OpenCandy, C:\Users\jl\AppData\Roaming\OpenCandy\426D7886489D440F8CEFD27306A248F6\TUU2014-EN-1day-AID1006154.exe, Quarantined, [1081], [173202],1.0.7789
PUP.Optional.WinYahoo, C:\USERS\TOM\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\WINCY.ICO, Quarantined, [233], [246865],1.0.7789
PUP.Optional.Yontoo, C:\USERS\TOM\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\https_resultshub-a.akamaihd.net_0.localstorage, Quarantined, [33], [248776],1.0.7789
PUP.Optional.Yontoo, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [33], [-1],0.0.0
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [33], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\JL\NTUSER.POL, Quarantined, [33], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\TOM\NTUSER.POL, Quarantined, [33], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\REGISTRY.POL, Quarantined, [33], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Quarantined, [33], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\TOM\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\https_resultshub-a.akamaihd.net_0.localstorage-journal, Quarantined, [33], [248776],1.0.7789
PUP.Optional.Yontoo, C:\ODS.EXE.CONFIG, Quarantined, [33], [254948],1.0.7789
PUP.Optional.Yontoo, C:\USERS\JL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EN6YIWOB.DEFAULT\SEARCHPLUGINS\SEARCH-SIMPLE.XML, Quarantined, [33], [252656],1.0.7789
PUP.Optional.ResultsHub, C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\temp, Quarantined, [6], [179199],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\USERS\TOM\APPDATA\ROAMING\{4CE77A5C-69B5-172A-0283-30F8DE51CDC6}\productupdate.exe, Quarantined, [704], [492406],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Roaming\{4CE77A5C-69B5-172A-0283-30F8DE51CDC6}\config.dat, Quarantined, [704], [492406],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Roaming\{4CE77A5C-69B5-172A-0283-30F8DE51CDC6}\info.dat, Quarantined, [704], [492406],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Roaming\{4CE77A5C-69B5-172A-0283-30F8DE51CDC6}\STTL.DAT, Quarantined, [704], [492406],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Roaming\{4CE77A5C-69B5-172A-0283-30F8DE51CDC6}\TTL.DAT, Quarantined, [704], [492406],1.0.7789
PUP.Optional.WinYahoo, C:\USERS\TOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6MNCZRHU.DEFAULT-1509552401858\SEARCHPLUGINS\YHS.XML, Quarantined, [233], [457864],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\USERS\TOM\APPDATA\LOCAL\{357E0322-11D6-6F9A-7C4E-4A725826B6EA}\side, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{357E0322-11D6-6F9A-7C4E-4A725826B6EA}\config.dat, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{357E0322-11D6-6F9A-7C4E-4A725826B6EA}\info.dat, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{357E0322-11D6-6F9A-7C4E-4A725826B6EA}\install.log, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{357E0322-11D6-6F9A-7C4E-4A725826B6EA}\Sqlite3.dll, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{357E0322-11D6-6F9A-7C4E-4A725826B6EA}\uninst.dat, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\USERS\TOM\APPDATA\LOCAL\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\dasa, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\chromium-min.jpg, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\control panel-min-min.JPG, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\down.png, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\ff menu.JPG, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\ff search engine-min.png, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\HowToRemove.html, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\hp-min ff.png, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\hp-min ie.png, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\search engine.gif, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\setup pages.gif, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\sp-min.png, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\start-min.jpg, Quarantined, [704], [484244],1.0.7789
PUP.Optional.WinYahoo.TskLnk, C:\Users\Tom\AppData\Local\{D807EE5B-FCAF-82E3-9137-A70BB55F5B93}\HowToRemove\up.png, Quarantined, [704], [484244],1.0.7789
PUM.Optional.FireFoxSearchOverride, C:\USERS\JL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EN6YIWOB.DEFAULT\USER.JS, Quarantined, [14236], [302302],1.0.7789
PUP.Optional.WinYahoo, C:\USERS\TOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6MNCZRHU.DEFAULT-1509552401858\PREFS.JS, Replaced, [233], [342418],1.0.7789
PUP.Optional.Yontoo, C:\USERS\JL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EN6YIWOB.DEFAULT\PREFS.JS, Replaced, [33], [301722],1.0.7789
PUP.Optional.Yontoo, C:\USERS\JL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EN6YIWOB.DEFAULT\PREFS.JS, Replaced, [33], [301727],1.0.7789
PUP.Optional.Yontoo, C:\USERS\JL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EN6YIWOB.DEFAULT\PREFS.JS, Replaced, [33], [302786],1.0.7789
PUP.Optional.Yontoo, C:\USERS\JL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EN6YIWOB.DEFAULT\PREFS.JS, Replaced, [33], [303302],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\DSISETUP3359250182.EXE, Quarantined, [0], [392686],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\DSISETUP1488231282.EXE, Quarantined, [0], [392686],1.0.7789
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$R07XVFP.EXE, Quarantined, [405], [76818],1.0.7789
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$REBX4FP.EXE, Quarantined, [405], [76735],1.0.7789
PUP.Optional.OpenCandy, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$RN3O35B.EXE, Quarantined, [1081], [70383],1.0.7789
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$R5FGV4P.EXE, Quarantined, [405], [78790],1.0.7789
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$RWYIBCF.EXE, Quarantined, [405], [78790],1.0.7789
PUP.Optional.BundleInstaller, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$RY60G9C.EXE, Quarantined, [419], [575328],1.0.7789
PUP.Optional.BundleInstaller, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$R7M2S07.EXE, Quarantined, [419], [575328],1.0.7789
PUP.Optional.OpenCandy, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$RKTEGBX.EXE, Quarantined, [1081], [70383],1.0.7789
PUP.Optional.BundleInstaller, C:\$RECYCLE.BIN\S-1-5-21-252852572-1064671646-1800406956-1001\$RPG7HAX.EXE, Quarantined, [419], [575328],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\F7397982\PATCH_FF.EXE, Quarantined, [0], [392686],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\F1737F9A\PATCH_FF.EXE, Quarantined, [0], [392686],1.0.7789
PUP.Optional.BundleInstaller, C:\USERS\TOM\APPDATA\LOCAL\TEMP\CUP\CHROMIUM_INSTALLER.EXE, Quarantined, [419], [520134],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\F81F60F7\PATCH_FF.EXE, Quarantined, [0], [392686],1.0.7789
PUP.Optional.Bandoo, C:\USERS\TOM\APPDATA\LOCAL\TEMP\F9587B44\SETUPDATAMNGR_IMESH.EXE, Quarantined, [452], [299994],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\F743487B\PATCH_FF.EXE, Quarantined, [0], [392686],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\N8484\S8484.EXE, Quarantined, [0], [392686],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\NSBA5D4.TMP\NSG26FB.TMP\NEW_FOLDER\DATAMNGRCOORDINATOR.EXE, Quarantined, [0], [392686],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\FC6D247D\SETUPDATAMNGR_IMESH.EXE, Quarantined, [0], [392686],1.0.7789
PUP.Optional.Bandoo, C:\USERS\TOM\APPDATA\LOCAL\TEMP\NSLA28C.TMP\UNINSTALL.EXE, Quarantined, [452], [301304],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\NSBA5D4.TMP\NSG26FB.TMP\PACK.EXE, Quarantined, [0], [392686],1.0.7789
PUP.Optional.InstallCore, C:\USERS\TOM\APPDATA\LOCAL\TEMP\11532UNINSTALL.EXE, Quarantined, [405], [82351],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\BRS.EXE50833315.DEL, Quarantined, [0], [392686],1.0.7789
PUP.Optional.Bandoo, C:\USERS\TOM\APPDATA\LOCAL\TEMP\~NSU.TMP\AU_.EXE, Quarantined, [452], [112584],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\SOFTONIC_EN_1-5-11_EN-PRODUCTION_10_CLEANRELEASE[1].EXE, Quarantined, [0], [392686],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\SOFTONIC_EN_1-5-11_EN-PRODUCTION_10_CLEANRELEASE[2].EXE, Quarantined, [0], [392686],1.0.7789
PUP.Optional.4Shared, C:\USERS\TOM\DOWNLOADS\ATTACK ON TITANS .EXE, Quarantined, [10615], [52066],1.0.7789
PUP.Optional.InstallRex, C:\USERS\TOM\DOWNLOADS\ARUAROSE - ARUAONLINE - ROSE ONLINE.EXE, Quarantined, [9877], [76024],1.0.7789
PUP.Optional.BestFreeDownloads, C:\USERS\TOM\DOWNLOADS\DOWNLOADMANAGERSETUP.EXE, Quarantined, [14107], [273325],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\APPDATA\LOCAL\TEMP\SOFTONIC_EN_1-5-11_EN-PRODUCTION_10_CLEANRELEASE.EXE, Quarantined, [0], [392686],1.0.7789
PUP.Optional.InstallCore, C:\USERS\TOM\DOWNLOADS\INSTALLER_MINECRAFT_ENGLISH.EXE, Quarantined, [405], [304611],1.0.7789
PUP.Optional.InstallCore, C:\USERS\TOM\DOWNLOADS\AMNESIA-THE-DARK-DESCENT.EXE, Quarantined, [405], [78790],1.0.7789
PUP.Optional.InstallRex, C:\USERS\TOM\DOWNLOADS\MY NEIGHBOR TOTORO 1988 720P BLURAY X264-AMIABLE [PUBLICHD].EXE, Quarantined, [9877], [76049],1.0.7789
PUP.Optional.4Shared, C:\USERS\TOM\DOWNLOADS\SAVEAS(2).EXE, Quarantined, [10615], [52066],1.0.7789
PUP.Optional.InstallRex, C:\USERS\TOM\DOWNLOADS\HIROYUKI+SAWANO+-+VOGEL+IM+KAFIG - [MP3JUICES.COM].EXE, Quarantined, [9877], [277992],1.0.7789
PUP.Optional.4Shared, C:\USERS\TOM\DOWNLOADS\SAVEAS.EXE, Quarantined, [10615], [52066],1.0.7789
PUP.Optional.SimplyTech, C:\USERS\TOM\DOWNLOADS\ZIP.EXE, Quarantined, [2629], [429806],1.0.7789
PUP.Optional.InstallCore, C:\USERS\TOM\DOWNLOADS\CR_DOWNLOADER_FOR_ZELDA---MAJORA'S-MASK.EXE, Quarantined, [405], [273209],1.0.7789
PUP.Optional.4Shared, C:\USERS\TOM\DOWNLOADS\SAVEAS(1).EXE, Quarantined, [10615], [52066],1.0.7789
Generic.Malware/Suspicious, C:\USERS\TOM\DOWNLOADS\Z_DOWNLOADER.EXE, Quarantined, [0], [392686],1.0.7789
MachineLearning/Anomalous.97%, C:\USERS\TOM\APPDATA\ROAMING\TIMEDAC\SYNCTASK.EXE, Quarantined, [0], [392687],1.0.7789

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

malsaurus

TS Member
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-11-2018
# Duration: 00:00:04
# OS: Windows 7 Professional
# Cleaned: 7
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromenda.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Deleted HKCU\Software\Classes\Softonic

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1948 octets] - [11/11/2018 10:53:01]
AdwCleaner[S01].txt - [2009 octets] - [11/11/2018 11:39:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

Broni

Malware Annihilator
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

malsaurus

TS Member
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.11.2018
Ran by Tom (administrator) on TOMDELL (11-11-2018 12:45:51)
Running from C:\Users\Tom\Downloads\FRST-OlderVersion
Loaded Profiles: Tom (Available Profiles: jl & Tom)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Users\Tom\Downloads\AdwCleaner.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google) C:\Users\Tom\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-14] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8921600 2013-10-23] (Dell Inc.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5774664 2013-09-11] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024 2012-03-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3785536 2018-11-06] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-252852572-1064671646-1800406956-1001\...\Run: [Google Update] => C:\Users\Tom\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-19] (Google Inc.)
HKU\S-1-5-21-252852572-1064671646-1800406956-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-09] (Valve Corporation)
HKU\S-1-5-21-252852572-1064671646-1800406956-1001\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-252852572-1064671646-1800406956-1001\...\Run: [KakaoTalk] => "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
HKU\S-1-5-18\...\RunOnce: [JavaInstallRetry] => RUNONCE=1 SPONSORS=0
HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-03-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicyUsers\S-1-5-21-252852572-1064671646-1800406956-1001\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{D501FE14-C8C6-42EF-90C4-FD36AA6C8729}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131130558221447530&GUID=DBCFEA2E-669E-4FEF-ADAA-0257FE0762CC
HKU\S-1-5-21-252852572-1064671646-1800406956-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131802431285607286&GUID=DBCFEA2E-669E-4FEF-ADAA-0257FE0762CC
HKU\S-1-5-21-252852572-1064671646-1800406956-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {747A2953-1CA8-48AC-B80F-BB0DB9E62138} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {747A2953-1CA8-48AC-B80F-BB0DB9E62138} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-252852572-1064671646-1800406956-1001 -> DefaultScope {747A2953-1CA8-48AC-B80F-BB0DB9E62138} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-252852572-1064671646-1800406956-1001 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-252852572-1064671646-1800406956-1001 -> {747A2953-1CA8-48AC-B80F-BB0DB9E62138} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-252852572-1064671646-1800406956-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-252852572-1064671646-1800406956-1001 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-11] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-252852572-1064671646-1800406956-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\6mnczrhu.default-1509552401858 [2018-11-11]
FF Homepage: Mozilla\Firefox\Profiles\6mnczrhu.default-1509552401858 -> hxxps://www.malwarebytes.org/restorebrowser/s_17_44_orgnl&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Did%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0DtB0FzyyByC0C0DtAtN0D0Tzu0StBtCtAyEtN1L2XzutAtFtAtBtFtCtFyCyDtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StB0BtC0EtD0F0EtAtGyB0AtC0CtG0CtAtByEtGyCzy0AtBtGtC0ByCzzyEzyzyyE0A0DtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0D0F0A0FtA0CzytGzy0EyDyCtGyE0CyDyEtGzztCtDtDtGyEzytC0DtCtD0E0FyByBtAyE2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtDzyzzyEtDtBtCyB%26cr%3D1609883092%26a%3Dhdr_s_17_44_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-10] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-252852572-1064671646-1800406956-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-252852572-1064671646-1800406956-1001: @talk.google.com/O1DPlugin -> C:\Users\Tom\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-252852572-1064671646-1800406956-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-252852572-1064671646-1800406956-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tom\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tom\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-09] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-11-06] (Dropbox, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-15] ()
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-22] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6170624 2013-10-23] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-11-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-11-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63768 2018-11-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-11] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [101200 2018-11-11] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-14] (Synaptics Incorporated)
S1 mmaennbv; \??\C:\Windows\system32\drivers\mmaennbv.sys [X]
S1 niatpxbo; \??\C:\Windows\system32\drivers\niatpxbo.sys [X]
S1 spaltjok; \??\C:\Windows\system32\drivers\spaltjok.sys [X]
S1 szftsrbn; \??\C:\Windows\system32\drivers\szftsrbn.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Tom\Downloads\Titanfall Rap by JT Machinima, THK and Borderline Disaster - "
2018-11-11 11:50 - 2018-11-11 11:50 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-11-11 11:50 - 2018-11-11 11:50 - 000101200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-11-11 11:50 - 2018-11-11 11:50 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-11-11 11:46 - 2018-11-11 11:46 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-11 10:49 - 2018-11-11 11:44 - 000000000 ____D C:\AdwCleaner
2018-11-11 10:35 - 2018-11-11 11:38 - 007592144 _____ (Malwarebytes) C:\Users\Tom\Downloads\AdwCleaner.exe
2018-11-11 10:27 - 2018-11-11 10:27 - 000020880 _____ C:\Users\Tom\Documents\wwwww.txt
2018-11-11 09:27 - 2018-11-11 09:27 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-11-11 09:27 - 2018-11-11 09:27 - 000000000 ____D C:\Users\Tom\AppData\Local\mbamtray
2018-11-11 09:27 - 2018-11-11 09:27 - 000000000 ____D C:\Users\Tom\AppData\Local\mbam
2018-11-11 09:26 - 2018-11-11 09:26 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-11 09:26 - 2018-11-11 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-11 09:26 - 2018-11-11 09:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-11 09:26 - 2018-11-11 09:26 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-11 09:26 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-11 09:21 - 2018-11-11 09:25 - 079596656 _____ (Malwarebytes ) C:\Users\Tom\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7783.exe
2018-11-11 06:45 - 2018-11-11 08:54 - 000000000 ____D C:\ProgramData\RogueKiller
2018-11-11 06:45 - 2018-11-11 06:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-11-11 06:45 - 2018-11-11 06:45 - 000000000 ____D C:\Program Files\RogueKiller
2018-11-11 06:35 - 2018-11-11 06:36 - 028936544 _____ (Adlice Software ) C:\Users\Tom\Downloads\RogueKiller_setup_ref3.exe
2018-11-10 13:58 - 2018-11-10 13:58 - 000056573 _____ C:\Users\Tom\Documents\Addition.txt
2018-11-10 13:58 - 2018-11-10 13:58 - 000053663 _____ C:\Users\Tom\Documents\FRST.txt
2018-11-10 13:04 - 2018-11-10 13:05 - 000000000 ___RD C:\Users\Tom\Dropbox
2018-11-10 13:04 - 2018-11-10 13:04 - 000001228 _____ C:\Users\Tom\Desktop\Dropbox.lnk
2018-11-10 11:55 - 2018-11-10 13:20 - 000056570 _____ C:\Users\Tom\Downloads\Addition.txt
2018-11-10 11:51 - 2018-11-10 13:20 - 000053663 _____ C:\Users\Tom\Downloads\FRST.txt
2018-11-10 11:47 - 2018-11-11 12:45 - 000000000 ____D C:\Users\Tom\Downloads\FRST-OlderVersion
2018-11-10 11:46 - 2018-11-11 12:45 - 000000000 ____D C:\FRST
2018-11-10 11:45 - 2018-11-10 13:01 - 002415616 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
2018-11-09 19:08 - 2018-11-09 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-09 19:05 - 2018-11-09 19:05 - 000000000 ____D C:\Users\jl\AppData\Roaming\Dropbox
2018-11-09 19:03 - 2018-11-11 12:08 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-11-09 19:03 - 2018-11-11 11:46 - 000000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-11-09 19:03 - 2018-11-09 19:03 - 000003896 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-11-09 19:03 - 2018-11-09 19:03 - 000003644 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-11-09 19:02 - 2018-11-09 19:09 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-11-09 18:44 - 2018-11-10 13:04 - 000000000 ____D C:\Users\Tom\AppData\Local\Dropbox
2018-11-09 18:44 - 2018-11-10 12:52 - 000000000 ____D C:\Users\jl\AppData\Local\Dropbox
2018-11-09 18:44 - 2018-11-09 19:02 - 000696608 _____ (Dropbox, Inc.) C:\Users\Tom\Downloads\DropboxInstaller.exe
2018-11-09 18:44 - 2018-11-09 18:44 - 000000000 ____D C:\ProgramData\Dropbox
2018-11-06 21:06 - 2018-11-06 21:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-11-06 21:06 - 2018-11-06 21:06 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-11-06 21:06 - 2018-11-06 21:06 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-11-06 21:06 - 2018-11-06 21:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-10-12 12:49 - 2018-10-12 12:49 - 000000020 _____ C:\Users\Tom\Desktop\SOUL.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-11 11:57 - 2009-07-14 12:45 - 000030704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-11 11:57 - 2009-07-14 12:45 - 000030704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-11 11:55 - 2014-03-14 10:25 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2018-11-11 11:52 - 2009-07-14 13:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-11 11:52 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-11-11 11:50 - 2017-04-16 13:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-11 11:46 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-11 10:08 - 2017-11-05 08:05 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Timedac
2018-11-11 10:08 - 2014-04-16 15:17 - 000000000 ____D C:\Users\Tom
2018-11-11 10:08 - 2014-04-16 07:09 - 000000000 ____D C:\Users\jl
2018-11-11 08:06 - 2014-04-16 15:18 - 000001044 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-11-11 08:06 - 2014-04-16 07:16 - 000001044 _____ C:\Users\jl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-11-11 06:46 - 2016-11-19 06:51 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Mozilla
2018-11-10 12:54 - 2017-12-04 06:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-10 12:54 - 2014-04-16 11:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-10 12:44 - 2014-04-16 07:14 - 000086072 _____ C:\Users\jl\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-10 08:46 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-10 06:11 - 2018-01-25 07:40 - 000000000 ____D C:\Users\Tom\AppData\Local\Direc
2018-11-09 20:39 - 2014-05-20 18:23 - 000000000 ____D C:\Users\Tom\AppData\Local\Unity
2018-11-09 18:39 - 2017-04-16 17:55 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-10-16 05:48 - 2010-11-21 11:27 - 000559880 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-12 17:33 - 2016-11-06 22:35 - 000000000 ____D C:\Users\Tom\AppData\Local\CrossCode
 

==================== Files in the root of some directories =======

2015-03-12 20:07 - 2015-01-11 20:07 - 000000032 ____R () C:\ProgramData\hash.dat
2016-10-21 19:39 - 2016-10-21 19:39 - 003187734 _____ () C:\Users\Tom\AppData\Roaming\sb195.dat
2016-12-13 09:55 - 2016-12-13 09:55 - 003634196 _____ () C:\Users\Tom\AppData\Roaming\sb476.dat
2014-07-31 09:47 - 2018-09-09 19:42 - 000000503 _____ () C:\Users\Tom\AppData\Roaming\WB.CFG
2014-12-02 07:39 - 2014-12-18 01:39 - 000000001 _____ () C:\Users\Tom\AppData\Local\DSI.DAT
2018-03-25 22:59 - 2018-03-25 22:59 - 000040960 _____ () C:\Users\Tom\AppData\Local\Web Data
2018-03-25 22:59 - 2018-03-25 22:59 - 000000512 _____ () C:\Users\Tom\AppData\Local\Web Data-journal
2017-12-13 03:46 - 2018-01-09 04:11 - 000000068 _____ () C:\Users\Tom\AppData\Local\xdt9m2fvbr

Some files in TEMP:
====================
2015-06-25 08:53 - 2015-06-25 08:53 - 000026936 _____ (TuneUp Software) C:\Users\jl\AppData\Local\Temp\DseShExt-x64.dll
2015-06-25 08:53 - 2015-06-25 08:53 - 000028984 _____ (TuneUp Software) C:\Users\jl\AppData\Local\Temp\DseShExt-x86.dll
2013-06-19 00:53 - 2013-06-19 00:53 - 000865424 ____N (CANON INC.) C:\Users\jl\AppData\Local\Temp\MSETUP4.EXE
2011-03-14 20:31 - 2011-03-14 20:31 - 000149352 ____R (Microsoft Corporation) C:\Users\jl\AppData\Local\Temp\ose00000.exe
2015-06-25 08:53 - 2015-06-25 08:53 - 000032568 _____ (TuneUp Software) C:\Users\jl\AppData\Local\Temp\SDShelEx-win32.dll
2015-06-25 08:53 - 2015-06-25 08:53 - 000032056 _____ (TuneUp Software) C:\Users\jl\AppData\Local\Temp\SDShelEx-x64.dll
2014-05-22 09:55 - 2014-05-22 09:55 - 002936832 _____ () C:\Users\Tom\AppData\Local\Temp\ffmpeg16.exe
2014-05-29 14:56 - 2014-05-29 14:57 - 017938608 _____ (Adobe Systems Incorporated) C:\Users\Tom\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
2014-05-24 12:53 - 2014-05-24 12:54 - 017938608 _____ (Adobe Systems Incorporated) C:\Users\Tom\AppData\Local\Temp\fp_pl_pfs_installer.exe
2016-05-16 19:00 - 2016-05-16 19:01 - 000000000 _____ () C:\Users\Tom\AppData\Local\Temp\GUR280F.exe
2015-01-23 20:03 - 2015-01-21 07:32 - 002124520 _____ () C:\Users\Tom\AppData\Local\Temp\Helper.DLL
2015-03-12 20:08 - 2015-03-12 20:08 - 000058368 ____N () C:\Users\Tom\AppData\Local\Temp\jshortcut-3012483557483484761.dll
2015-03-12 20:40 - 2015-03-12 20:40 - 000058368 ____N () C:\Users\Tom\AppData\Local\Temp\jshortcut-7151043099465511510.dll
2013-06-19 00:53 - 2013-06-19 00:53 - 000865424 ____N (CANON INC.) C:\Users\Tom\AppData\Local\Temp\MSETUP4.EXE
2015-04-11 20:04 - 2015-03-23 08:33 - 001792744 _____ () C:\Users\Tom\AppData\Local\Temp\MusicAppHelper.DLL
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130822301.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130823619.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130824152.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130824917.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130832216.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130835050.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130851423.dll
2018-03-11 21:09 - 2018-03-11 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180311130926198.dll
2018-03-14 08:14 - 2018-03-14 08:14 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180314001435848.dll
2018-03-15 11:15 - 2018-03-15 11:15 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180315031541953.dll
2018-03-15 14:17 - 2018-03-15 14:17 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180315061702218.dll
2018-03-15 21:32 - 2018-03-15 21:32 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180315133218571.dll
2018-03-16 21:24 - 2018-03-16 21:24 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180316132440582.dll
2018-03-18 08:44 - 2018-03-18 08:44 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180318004447094.dll
2018-03-18 21:09 - 2018-03-18 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180318130924025.dll
2018-03-21 08:16 - 2018-03-21 08:16 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180321001604795.dll
2018-03-21 21:09 - 2018-03-21 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180321130925214.dll
2018-03-22 21:09 - 2018-03-22 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180322130924714.dll
2018-03-23 21:09 - 2018-03-23 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180323130924452.dll
2018-03-24 07:42 - 2018-03-24 07:42 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180323234211738.dll
2018-03-24 21:09 - 2018-03-24 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180324130923461.dll
2018-03-25 11:03 - 2018-03-25 11:03 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180325030314080.dll
2018-03-25 11:53 - 2018-03-25 11:53 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180325035300424.dll
2018-03-25 13:03 - 2018-03-25 13:03 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180325050354224.dll
2018-03-25 21:09 - 2018-03-25 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180325130923968.dll
2018-03-26 21:09 - 2018-03-26 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180326130924703.dll
2018-03-27 21:09 - 2018-03-27 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180327130924106.dll
2018-03-28 21:27 - 2018-03-28 21:27 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180328132717552.dll
2018-03-30 11:42 - 2018-03-30 11:42 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180330034228662.dll
2018-04-01 14:44 - 2018-04-01 14:44 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401064436791.dll
2018-04-01 16:08 - 2018-04-01 16:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401080822166.dll
2018-04-01 21:09 - 2018-04-01 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401130923017.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131740502.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131740656.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131740791.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131740894.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131743947.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131744097.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131746304.dll
2018-04-02 09:27 - 2018-04-02 09:27 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180402012709675.dll
2018-04-02 21:17 - 2018-04-02 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180402131757707.dll
2018-04-03 08:25 - 2018-04-03 08:25 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403002518959.dll
2018-04-03 11:09 - 2018-04-03 11:09 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403030929327.dll
2018-04-03 21:18 - 2018-04-03 21:18 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403131800132.dll
2018-04-03 21:34 - 2018-04-03 21:34 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403133404920.dll
2018-04-03 21:43 - 2018-04-03 21:43 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403134330427.dll
2018-04-03 21:57 - 2018-04-03 21:57 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403135749671.dll
2018-04-04 10:52 - 2018-04-04 10:52 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404025254232.dll
2018-04-04 13:57 - 2018-04-04 13:57 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404055706841.dll
2018-04-04 14:26 - 2018-04-04 14:26 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404062609230.dll
2018-04-04 15:22 - 2018-04-04 15:22 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404072202784.dll
2018-04-04 16:27 - 2018-04-04 16:27 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404082704587.dll
2018-04-04 21:17 - 2018-04-04 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404131758871.dll
2018-04-05 21:17 - 2018-04-05 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180405131757452.dll
2018-04-06 09:32 - 2018-04-06 09:32 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406013230995.dll
2018-04-06 09:41 - 2018-04-06 09:41 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406014114698.dll
2018-04-06 10:49 - 2018-04-06 10:49 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406024955766.dll
2018-04-06 11:24 - 2018-04-06 11:24 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406032408588.dll
2018-04-06 13:55 - 2018-04-06 13:55 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406055544648.dll
2018-04-06 17:12 - 2018-04-06 17:12 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406091226749.dll
2018-04-06 21:18 - 2018-04-06 21:18 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406131817058.dll
2018-04-08 11:18 - 2018-04-08 11:18 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180408031842534.dll
2018-04-08 14:00 - 2018-04-08 14:00 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180408060008326.dll
2018-04-08 22:48 - 2018-04-08 22:48 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180408144823767.dll
2018-04-09 21:17 - 2018-04-09 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180409131757781.dll
2018-04-10 21:07 - 2018-04-10 21:07 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180410130749447.dll
2018-04-10 21:17 - 2018-04-10 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180410131756831.dll
2018-04-11 21:17 - 2018-04-11 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180411131757785.dll
2018-04-12 21:18 - 2018-04-12 21:18 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180412131800701.dll
2018-04-13 10:35 - 2018-04-13 10:35 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180413023510806.dll
2018-04-13 21:17 - 2018-04-13 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180413131758814.dll
2018-04-14 14:33 - 2018-04-14 14:33 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180414063341001.dll
2018-04-14 21:17 - 2018-04-14 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180414131757035.dll
2018-04-15 11:40 - 2018-04-15 11:40 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180415034011422.dll
2018-04-16 12:28 - 2018-04-16 12:28 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416042840055.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043027562.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043027760.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043028264.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043028576.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043030541.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043030662.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043033561.dll
2018-04-16 22:56 - 2018-04-16 22:56 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416145651595.dll
2018-04-17 12:30 - 2018-04-17 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180417043044605.dll
2018-04-19 20:17 - 2018-04-19 20:17 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180419121751055.dll
2018-04-21 23:06 - 2018-04-21 23:06 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180421150601262.dll
2018-04-21 23:10 - 2018-04-21 23:10 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180421151056879.dll
2018-04-22 12:35 - 2018-04-22 12:36 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180422043556502.dll
2018-04-24 19:52 - 2018-04-24 19:52 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180424115249153.dll
2018-04-25 12:30 - 2018-04-25 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180425043044222.dll
2018-04-27 07:28 - 2018-04-27 07:28 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180426232851539.dll
2018-04-27 17:35 - 2018-04-27 17:35 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180427093543465.dll
2018-04-29 14:45 - 2018-04-29 14:45 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180429064526831.dll
2018-04-30 20:56 - 2018-04-30 20:56 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180430125656533.dll
2018-04-30 21:34 - 2018-04-30 21:34 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180430133452682.dll
2018-05-01 12:30 - 2018-05-01 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180501043043811.dll
2018-05-02 12:30 - 2018-05-02 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180502043044900.dll
2018-05-03 20:13 - 2018-05-03 20:13 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180503121347084.dll
2018-05-04 15:06 - 2018-05-04 15:06 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180504070639579.dll
2018-05-06 12:30 - 2018-05-06 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043043856.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043144039.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043144356.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043144547.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043144637.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043146347.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043146786.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043150052.dll
2018-05-07 12:32 - 2018-05-07 12:32 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180507043205156.dll
2018-05-08 20:29 - 2018-05-08 20:29 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180508122912386.dll
2018-05-09 23:52 - 2018-05-09 23:52 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180509155237351.dll
2018-05-10 13:26 - 2018-05-10 13:26 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180510052642465.dll
2018-05-12 01:06 - 2018-05-12 01:06 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180511170608518.dll
2018-05-12 15:19 - 2018-05-12 15:19 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180512071903492.dll
2018-05-13 10:04 - 2018-05-13 10:04 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180513020441684.dll
2018-05-13 13:44 - 2018-05-13 13:44 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180513054444780.dll
2018-05-15 16:50 - 2018-05-15 16:50 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180515085051153.dll
2018-05-16 19:11 - 2018-05-16 19:11 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180516111113256.dll
2018-05-17 14:30 - 2018-05-17 14:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180517063048169.dll
2018-05-18 07:04 - 2018-05-18 07:04 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180517230403367.dll
2018-05-19 21:11 - 2018-05-19 21:11 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180519131135448.dll
2018-05-21 17:26 - 2018-05-21 17:26 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180521092620739.dll
2018-05-24 21:04 - 2018-05-24 21:04 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180524130434676.dll
2018-05-24 21:07 - 2018-05-24 21:07 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180524130758830.dll
2018-05-25 19:49 - 2018-05-25 19:49 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180525114936143.dll
2018-05-27 12:29 - 2018-05-27 12:29 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180527042936482.dll
2018-05-27 12:32 - 2018-05-27 12:32 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180527043203417.dll
2018-05-29 13:41 - 2018-05-29 13:41 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180529054151671.dll
2018-03-10 21:05 - 2018-03-10 21:05 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201831057556.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834729734.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834729926.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834730165.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834730337.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834732431.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834732978.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834737307.dll
2018-03-05 18:23 - 2018-03-05 18:23 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_2018352315820.dll
2018-03-06 18:07 - 2018-03-06 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201836753120.dll
2018-03-07 18:07 - 2018-03-07 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201837752761.dll
2018-03-09 18:07 - 2018-03-09 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201839754241.dll
2015-04-09 19:08 - 2017-10-25 18:05 - 058881488 _____ (Skype Technologies S.A.) C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-09 18:00

==================== End of FRST.txt ============================
 

malsaurus

TS Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
Ran by Tom (11-11-2018 12:49:41)
Running from C:\Users\Tom\Downloads\FRST-OlderVersion
Windows 7 Professional Service Pack 1 (X64) (2014-04-15 23:08:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-252852572-1064671646-1800406956-500 - Administrator - Disabled)
Guest (S-1-5-21-252852572-1064671646-1800406956-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-252852572-1064671646-1800406956-1003 - Limited - Enabled)
jl (S-1-5-21-252852572-1064671646-1800406956-1000 - Administrator - Enabled) => C:\Users\jl
Tom (S-1-5-21-252852572-1064671646-1800406956-1001 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MX390 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX390_series) (Version: 1.00 - Canon Inc.)
Canon MX390 series On-screen Manual (HKLM-x32\...\Canon MX390 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Chromium (HKU\S-1-5-21-252852572-1064671646-1800406956-1001\...\Chromium) (Version: 45.0.2444.0 - Chromium)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.15 - Creative Technology Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 61.4.95 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.99 - Dell Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 63.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.1 (x64 en-US)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.002 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
RogueKiller version 13.0.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.8.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4700 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-29] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E6B3003-951A-435A-A939-BCDEF564D473} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {17886A65-77F3-4EEC-BD1A-87D3D3458CA0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-08-22] (PC-Doctor, Inc.)
Task: {2D486324-0478-4AE1-9F79-D2A0BFCF14C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {3D8376FB-8793-4225-8A71-BC9FC779BF7E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-11-09] (Dropbox, Inc.)
Task: {4B68C9F8-FDBE-4BE7-80CF-9FDB716CF3AE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {5CF5DDD9-228D-470E-AED6-7AB4E149A93E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-252852572-1064671646-1800406956-1001UA => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {75C5217E-5C4A-4046-8DD6-04415D196FA5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-11-09] (Dropbox, Inc.)
Task: {7EDADB3B-6ABD-4C79-8031-64F8032981B1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {92FF0488-6419-4AAA-97B0-0440FE25C508} - \TomBuckeroosCoprologyV2 -> No File <==== ATTENTION
Task: {A0F206CD-B876-4358-9974-9D1045714D22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {BFECFC0B-D18C-4346-B46C-B5A5B9552C03} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-08-22] (PC-Doctor, Inc.)
Task: {CBEA37B9-4385-4C67-B5F2-F0A64C154691} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {FC301D41-C78C-4BF2-BF31-7F60DCFE22DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-252852572-1064671646-1800406956-1001Core => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-08-14 20:38 - 2013-05-15 02:50 - 000140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2018-11-11 09:26 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-11 09:26 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-01 10:09 - 2018-10-31 02:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-09-01 10:09 - 2018-09-23 08:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-09-01 10:09 - 2018-09-23 08:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-09-01 10:09 - 2018-09-23 08:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2014-03-14 10:25 - 2013-11-22 06:22 - 000484880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2017-04-16 14:14 - 2018-10-31 02:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-04-16 14:14 - 2016-09-01 09:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-04-16 14:14 - 2016-09-01 09:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-04-16 14:14 - 2016-09-01 09:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-04-16 14:14 - 2018-11-09 03:02 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-15 10:45 - 2017-12-20 09:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-15 10:45 - 2017-12-20 09:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-15 10:45 - 2017-12-20 09:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-15 10:45 - 2017-12-20 09:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-15 10:45 - 2017-12-20 09:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-04-16 14:14 - 2018-11-09 03:02 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-04-16 14:14 - 2016-07-05 06:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-11-09 19:07 - 2018-11-06 21:06 - 001141064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-11-09 19:07 - 2018-11-06 21:06 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-11-09 19:07 - 2018-11-06 21:09 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000142312 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 001953640 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-11-09 19:07 - 2018-11-06 21:06 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000083784 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-11-09 19:07 - 2018-11-06 21:08 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:09 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:09 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:09 - 000061792 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:09 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:09 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:06 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:09 - 000092488 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 001929552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-11-09 19:07 - 2018-11-06 21:08 - 000044888 _____ ()
 

Broni

Malware Annihilator
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 


malsaurus

TS Member
Fix result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by Tom (12-11-2018 06:23:41) Run:1
Running from C:\Users\Tom\Downloads
Loaded Profiles: Tom & (Available Profiles: jl & Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION
GroupPolicyUsers\S-1-5-21-252852572-1064671646-1800406956-1001\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
S1 mmaennbv; \??\C:\Windows\system32\drivers\mmaennbv.sys [X]
S1 niatpxbo; \??\C:\Windows\system32\drivers\niatpxbo.sys [X]
S1 spaltjok; \??\C:\Windows\system32\drivers\spaltjok.sys [X]
S1 szftsrbn; \??\C:\Windows\system32\drivers\szftsrbn.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
2015-03-12 20:07 - 2015-01-11 20:07 - 000000032 ____R () C:\ProgramData\hash.dat
2016-10-21 19:39 - 2016-10-21 19:39 - 003187734 _____ () C:\Users\Tom\AppData\Roaming\sb195.dat
2016-12-13 09:55 - 2016-12-13 09:55 - 003634196 _____ () C:\Users\Tom\AppData\Roaming\sb476.dat
2014-07-31 09:47 - 2018-09-09 19:42 - 000000503 _____ () C:\Users\Tom\AppData\Roaming\WB.CFG
2014-12-02 07:39 - 2014-12-18 01:39 - 000000001 _____ () C:\Users\Tom\AppData\Local\DSI.DAT
2018-03-25 22:59 - 2018-03-25 22:59 - 000040960 _____ () C:\Users\Tom\AppData\Local\Web Data
2018-03-25 22:59 - 2018-03-25 22:59 - 000000512 _____ () C:\Users\Tom\AppData\Local\Web Data-journal
2017-12-13 03:46 - 2018-01-09 04:11 - 000000068 _____ () C:\Users\Tom\AppData\Local\xdt9m2fvbr
2015-06-25 08:53 - 2015-06-25 08:53 - 000026936 _____ (TuneUp Software) C:\Users\jl\AppData\Local\Temp\DseShExt-x64.dll
2015-06-25 08:53 - 2015-06-25 08:53 - 000028984 _____ (TuneUp Software) C:\Users\jl\AppData\Local\Temp\DseShExt-x86.dll
2013-06-19 00:53 - 2013-06-19 00:53 - 000865424 ____N (CANON INC.) C:\Users\jl\AppData\Local\Temp\MSETUP4.EXE
2011-03-14 20:31 - 2011-03-14 20:31 - 000149352 ____R (Microsoft Corporation) C:\Users\jl\AppData\Local\Temp\ose00000.exe
2015-06-25 08:53 - 2015-06-25 08:53 - 000032568 _____ (TuneUp Software) C:\Users\jl\AppData\Local\Temp\SDShelEx-win32.dll
2015-06-25 08:53 - 2015-06-25 08:53 - 000032056 _____ (TuneUp Software) C:\Users\jl\AppData\Local\Temp\SDShelEx-x64.dll
2014-05-22 09:55 - 2014-05-22 09:55 - 002936832 _____ () C:\Users\Tom\AppData\Local\Temp\ffmpeg16.exe
2014-05-29 14:56 - 2014-05-29 14:57 - 017938608 _____ (Adobe Systems Incorporated) C:\Users\Tom\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
2014-05-24 12:53 - 2014-05-24 12:54 - 017938608 _____ (Adobe Systems Incorporated) C:\Users\Tom\AppData\Local\Temp\fp_pl_pfs_installer.exe
2016-05-16 19:00 - 2016-05-16 19:01 - 000000000 _____ () C:\Users\Tom\AppData\Local\Temp\GUR280F.exe
2015-01-23 20:03 - 2015-01-21 07:32 - 002124520 _____ () C:\Users\Tom\AppData\Local\Temp\Helper.DLL
2015-03-12 20:08 - 2015-03-12 20:08 - 000058368 ____N () C:\Users\Tom\AppData\Local\Temp\jshortcut-3012483557483484761.dll
2015-03-12 20:40 - 2015-03-12 20:40 - 000058368 ____N () C:\Users\Tom\AppData\Local\Temp\jshortcut-7151043099465511510.dll
2013-06-19 00:53 - 2013-06-19 00:53 - 000865424 ____N (CANON INC.) C:\Users\Tom\AppData\Local\Temp\MSETUP4.EXE
2015-04-11 20:04 - 2015-03-23 08:33 - 001792744 _____ () C:\Users\Tom\AppData\Local\Temp\MusicAppHelper.DLL
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130822301.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130823619.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130824152.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130824917.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130832216.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130835050.dll
2018-03-10 21:08 - 2018-03-10 21:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180310130851423.dll
2018-03-11 21:09 - 2018-03-11 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180311130926198.dll
2018-03-14 08:14 - 2018-03-14 08:14 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180314001435848.dll
2018-03-15 11:15 - 2018-03-15 11:15 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180315031541953.dll
2018-03-15 14:17 - 2018-03-15 14:17 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180315061702218.dll
2018-03-15 21:32 - 2018-03-15 21:32 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180315133218571.dll
2018-03-16 21:24 - 2018-03-16 21:24 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180316132440582.dll
2018-03-18 08:44 - 2018-03-18 08:44 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180318004447094.dll
2018-03-18 21:09 - 2018-03-18 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180318130924025.dll
2018-03-21 08:16 - 2018-03-21 08:16 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180321001604795.dll
2018-03-21 21:09 - 2018-03-21 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180321130925214.dll
2018-03-22 21:09 - 2018-03-22 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180322130924714.dll
2018-03-23 21:09 - 2018-03-23 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180323130924452.dll
2018-03-24 07:42 - 2018-03-24 07:42 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180323234211738.dll
2018-03-24 21:09 - 2018-03-24 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180324130923461.dll
2018-03-25 11:03 - 2018-03-25 11:03 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180325030314080.dll
2018-03-25 11:53 - 2018-03-25 11:53 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180325035300424.dll
2018-03-25 13:03 - 2018-03-25 13:03 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180325050354224.dll
2018-03-25 21:09 - 2018-03-25 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180325130923968.dll
2018-03-26 21:09 - 2018-03-26 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180326130924703.dll
2018-03-27 21:09 - 2018-03-27 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180327130924106.dll
2018-03-28 21:27 - 2018-03-28 21:27 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180328132717552.dll
2018-03-30 11:42 - 2018-03-30 11:42 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180330034228662.dll
2018-04-01 14:44 - 2018-04-01 14:44 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401064436791.dll
2018-04-01 16:08 - 2018-04-01 16:08 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401080822166.dll
2018-04-01 21:09 - 2018-04-01 21:09 - 001857024 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401130923017.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131740502.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131740656.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131740791.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131740894.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131743947.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131744097.dll
2018-04-01 21:17 - 2018-04-01 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180401131746304.dll
2018-04-02 09:27 - 2018-04-02 09:27 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180402012709675.dll
2018-04-02 21:17 - 2018-04-02 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180402131757707.dll
2018-04-03 08:25 - 2018-04-03 08:25 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403002518959.dll
2018-04-03 11:09 - 2018-04-03 11:09 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403030929327.dll
2018-04-03 21:18 - 2018-04-03 21:18 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403131800132.dll
2018-04-03 21:34 - 2018-04-03 21:34 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403133404920.dll
2018-04-03 21:43 - 2018-04-03 21:43 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403134330427.dll
2018-04-03 21:57 - 2018-04-03 21:57 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180403135749671.dll
2018-04-04 10:52 - 2018-04-04 10:52 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404025254232.dll
2018-04-04 13:57 - 2018-04-04 13:57 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404055706841.dll
2018-04-04 14:26 - 2018-04-04 14:26 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404062609230.dll
2018-04-04 15:22 - 2018-04-04 15:22 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404072202784.dll
2018-04-04 16:27 - 2018-04-04 16:27 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404082704587.dll
2018-04-04 21:17 - 2018-04-04 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180404131758871.dll
2018-04-05 21:17 - 2018-04-05 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180405131757452.dll
2018-04-06 09:32 - 2018-04-06 09:32 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406013230995.dll
2018-04-06 09:41 - 2018-04-06 09:41 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406014114698.dll
2018-04-06 10:49 - 2018-04-06 10:49 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406024955766.dll
2018-04-06 11:24 - 2018-04-06 11:24 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406032408588.dll
2018-04-06 13:55 - 2018-04-06 13:55 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406055544648.dll
2018-04-06 17:12 - 2018-04-06 17:12 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406091226749.dll
2018-04-06 21:18 - 2018-04-06 21:18 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180406131817058.dll
2018-04-08 11:18 - 2018-04-08 11:18 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180408031842534.dll
2018-04-08 14:00 - 2018-04-08 14:00 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180408060008326.dll
2018-04-08 22:48 - 2018-04-08 22:48 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180408144823767.dll
2018-04-09 21:17 - 2018-04-09 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180409131757781.dll
2018-04-10 21:07 - 2018-04-10 21:07 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180410130749447.dll
2018-04-10 21:17 - 2018-04-10 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180410131756831.dll
2018-04-11 21:17 - 2018-04-11 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180411131757785.dll
2018-04-12 21:18 - 2018-04-12 21:18 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180412131800701.dll
2018-04-13 10:35 - 2018-04-13 10:35 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180413023510806.dll
2018-04-13 21:17 - 2018-04-13 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180413131758814.dll
2018-04-14 14:33 - 2018-04-14 14:33 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180414063341001.dll
2018-04-14 21:17 - 2018-04-14 21:17 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180414131757035.dll
2018-04-15 11:40 - 2018-04-15 11:40 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180415034011422.dll
2018-04-16 12:28 - 2018-04-16 12:28 - 001876992 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416042840055.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043027562.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043027760.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043028264.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043028576.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043030541.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043030662.dll
2018-04-16 12:30 - 2018-04-16 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416043033561.dll
2018-04-16 22:56 - 2018-04-16 22:56 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180416145651595.dll
2018-04-17 12:30 - 2018-04-17 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180417043044605.dll
2018-04-19 20:17 - 2018-04-19 20:17 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180419121751055.dll
2018-04-21 23:06 - 2018-04-21 23:06 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180421150601262.dll
2018-04-21 23:10 - 2018-04-21 23:10 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180421151056879.dll
2018-04-22 12:35 - 2018-04-22 12:36 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180422043556502.dll
2018-04-24 19:52 - 2018-04-24 19:52 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180424115249153.dll
2018-04-25 12:30 - 2018-04-25 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180425043044222.dll
2018-04-27 07:28 - 2018-04-27 07:28 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180426232851539.dll
2018-04-27 17:35 - 2018-04-27 17:35 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180427093543465.dll
2018-04-29 14:45 - 2018-04-29 14:45 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180429064526831.dll
2018-04-30 20:56 - 2018-04-30 20:56 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180430125656533.dll
2018-04-30 21:34 - 2018-04-30 21:34 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180430133452682.dll
2018-05-01 12:30 - 2018-05-01 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180501043043811.dll
2018-05-02 12:30 - 2018-05-02 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180502043044900.dll
2018-05-03 20:13 - 2018-05-03 20:13 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180503121347084.dll
2018-05-04 15:06 - 2018-05-04 15:06 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180504070639579.dll
2018-05-06 12:30 - 2018-05-06 12:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043043856.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043144039.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043144356.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043144547.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043144637.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043146347.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043146786.dll
2018-05-06 12:31 - 2018-05-06 12:31 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180506043150052.dll
2018-05-07 12:32 - 2018-05-07 12:32 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180507043205156.dll
2018-05-08 20:29 - 2018-05-08 20:29 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180508122912386.dll
2018-05-09 23:52 - 2018-05-09 23:52 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180509155237351.dll
2018-05-10 13:26 - 2018-05-10 13:26 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180510052642465.dll
2018-05-12 01:06 - 2018-05-12 01:06 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180511170608518.dll
2018-05-12 15:19 - 2018-05-12 15:19 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180512071903492.dll
 

malsaurus

TS Member
2018-05-13 10:04 - 2018-05-13 10:04 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180513020441684.dll
2018-05-13 13:44 - 2018-05-13 13:44 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180513054444780.dll
2018-05-15 16:50 - 2018-05-15 16:50 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180515085051153.dll
2018-05-16 19:11 - 2018-05-16 19:11 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180516111113256.dll
2018-05-17 14:30 - 2018-05-17 14:30 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180517063048169.dll
2018-05-18 07:04 - 2018-05-18 07:04 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180517230403367.dll
2018-05-19 21:11 - 2018-05-19 21:11 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180519131135448.dll
2018-05-21 17:26 - 2018-05-21 17:26 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180521092620739.dll
2018-05-24 21:04 - 2018-05-24 21:04 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180524130434676.dll
2018-05-24 21:07 - 2018-05-24 21:07 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180524130758830.dll
2018-05-25 19:49 - 2018-05-25 19:49 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180525114936143.dll
2018-05-27 12:29 - 2018-05-27 12:29 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180527042936482.dll
2018-05-27 12:32 - 2018-05-27 12:32 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180527043203417.dll
2018-05-29 13:41 - 2018-05-29 13:41 - 001876480 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_180529054151671.dll
2018-03-10 21:05 - 2018-03-10 21:05 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201831057556.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834729734.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834729926.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834730165.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834730337.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834732431.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834732978.dll
2018-03-04 18:07 - 2018-03-04 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201834737307.dll
2018-03-05 18:23 - 2018-03-05 18:23 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_2018352315820.dll
2018-03-06 18:07 - 2018-03-06 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201836753120.dll
2018-03-07 18:07 - 2018-03-07 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201837752761.dll
2018-03-09 18:07 - 2018-03-09 18:07 - 001853440 _____ (Opera Software) C:\Users\Tom\AppData\Local\Temp\Opera_installer_201839754241.dll
2015-04-09 19:08 - 2017-10-25 18:05 - 058881488 _____ (Skype Technologies S.A.) C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {92FF0488-6419-4AAA-97B0-0440FE25C508} - \TomBuckeroosCoprologyV2 -> No File <==== ATTENTION

*****************

HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => not found
HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => removed successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-252852572-1064671646-1800406956-1001\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => not found
HKLM\System\CurrentControlSet\Services\mmaennbv => removed successfully
mmaennbv => service removed successfully
HKLM\System\CurrentControlSet\Services\niatpxbo => removed successfully
niatpxbo => service removed successfully
HKLM\System\CurrentControlSet\Services\spaltjok => removed successfully
spaltjok => service removed successfully
HKLM\System\CurrentControlSet\Services\szftsrbn => removed successfully
szftsrbn => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueSight => removed successfully
TrueSight => service removed successfully
C:\ProgramData\hash.dat => moved successfully
C:\Users\Tom\AppData\Roaming\sb195.dat => moved successfully
C:\Users\Tom\AppData\Roaming\sb476.dat => moved successfully
C:\Users\Tom\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Tom\AppData\Local\DSI.DAT => moved successfully
C:\Users\Tom\AppData\Local\Web Data => moved successfully
C:\Users\Tom\AppData\Local\Web Data-journal => moved successfully
C:\Users\Tom\AppData\Local\xdt9m2fvbr => moved successfully
C:\Users\jl\AppData\Local\Temp\DseShExt-x64.dll => moved successfully
C:\Users\jl\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
C:\Users\jl\AppData\Local\Temp\MSETUP4.EXE => moved successfully
C:\Users\jl\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\jl\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
C:\Users\jl\AppData\Local\Temp\SDShelEx-x64.dll => moved successfully
C:\Users\Tom\AppData\Local\Temp\ffmpeg16.exe => moved successfully
C:\Users\Tom\AppData\Local\Temp\fp_pl_pfs_installer-1.exe => moved successfully
C:\Users\Tom\AppData\Local\Temp\fp_pl_pfs_installer.exe => moved successfully
C:\Users\Tom\AppData\Local\Temp\GUR280F.exe => moved successfully
C:\Users\Tom\AppData\Local\Temp\Helper.DLL => moved successfully
C:\Users\Tom\AppData\Local\Temp\jshortcut-3012483557483484761.dll => moved successfully
C:\Users\Tom\AppData\Local\Temp\jshortcut-7151043099465511510.dll => moved successfully
C:\Users\Tom\AppData\Local\Temp\MSETUP4.EXE => moved successfully
C:\Users\Tom\AppData\Local\Temp\MusicAppHelper.DLL => moved successfully
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe => moved successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => removed successfully
HKU\S-1-5-21-252852572-1064671646-1800406956-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92FF0488-6419-4AAA-97B0-0440FE25C508}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92FF0488-6419-4AAA-97B0-0440FE25C508}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TomBuckeroosCoprologyV2" => removed successfully


The system needed a reboot.

==== End of Fixlog 06:23:56 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

malsaurus

TS Member
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Java version 32-bit out of Date!
Adobe Flash Player 31.0.0.122
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

malsaurus

TS Member
Farbar Service Scanner Version: 27-01-2016
Ran by Tom (administrator) on 12-11-2018 at 07:13:26
Running from "C:\Users\Tom\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Broni

Malware Annihilator
Your computer is clean


1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 

malsaurus

TS Member
My computer is working beautifully; it hasn't worked this well since I first got it! I haven't had a single alert, it's like heaven on earth. So I have to say I cannot thank you enough, especially at a time when I have to look for a job soon. So yeah, from what I can see it's working great.