ClipConverter Malware

04-18-2018, 01:28 PM   #1
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



ClipConverter Malware:

Ads appear at bottom right when I bring up Chrome. (Not other browsers.) I tried Malwarebytes, SUPERAntiSpyware, and Spybot to get rid of it. These failed, so I was hoping you folks could help.


PS: If it matters, I picked this up when I was trying to find a new site for downloading YouTube vids. Clicked on the wrong link. (Yeah, stupid.) It was from one of the sites recommended by these links:

hXXXs://itube.aimersoft.com/download-youtube/top-website-to-download-youtube-videos.html

OR

hXXXs://www.stacktunnel.com/13-best-websites-to-download-youtube-videos-for-free.html




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18978
Run by owner at 12:33:39 on 2018-04-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4122 [GMT -7:00]
.
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus *Enabled/Updated* {C50510DE-367A-330C-FD5C-556ACFB11243}
SP: AVG Antivirus *Enabled/Updated* {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Users\owner\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee WebAdvisor: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\LavasoftTcpService.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D5965D2A-D30A-484C-8A7C-609CCC538EAA} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{FE117B29-E2E1-442F-A42E-AB351B172553} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
x64-BHO: McAfee WebAdvisor: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2g4bv4ef.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avgbidsh;avgbidsh;C:\Windows\System32\drivers\avgbidsha.sys [2017-4-5 192536]
R0 avgblog;avgblog;C:\Windows\System32\drivers\avgbloga.sys [2017-4-5 336848]
R0 avgbuniv;avgbuniv;C:\Windows\System32\drivers\avgbuniva.sys [2017-4-5 50776]
R0 avgRvrt;avgRvrt;C:\Windows\System32\drivers\avgRvrt.sys [2017-4-5 76760]
R0 avgVmm;avgVmm;C:\Windows\System32\drivers\avgVmm.sys [2017-4-5 372920]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2018-4-15 253664]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2016-2-12 56208]
R1 avgArPot;avgArPot;C:\Windows\System32\drivers\avgArPot.sys [2017-11-27 189032]
R1 avgbdisk;avgbdisk;C:\Windows\System32\drivers\avgbdiska.sys [2017-4-5 166064]
R1 avgbidsdriver;avgbidsdriver;C:\Windows\System32\drivers\avgbidsdrivera.sys [2017-4-5 220600]
R1 avgRdr;avgRdr;C:\Windows\System32\drivers\avgRdr2.sys [2017-4-5 103744]
R1 avgSnx;avgSnx;C:\Windows\System32\drivers\avgSnx.sys [2017-4-5 1019088]
R1 avgSP;avgSP;C:\Windows\System32\drivers\avgSP.sys [2017-4-5 452904]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2018-4-15 76192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPAntiSpyware\SASCORE64.EXE [2014-7-22 173472]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 AVG Antivirus;AVG Antivirus;C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2018-4-13 314688]
R2 avgMonFlt;avgMonFlt;C:\Windows\System32\drivers\avgMonFlt.sys [2017-4-5 139608]
R2 avgStm;avgStm;C:\Windows\System32\drivers\avgStm.sys [2017-4-5 198368]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-2-16 1148560]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2016-2-12 2751760]
R2 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MbamChameleon.sys [2018-4-15 193768]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-4-15 6479136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2018-4-6 604312]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-2-16 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2016-2-16 21833360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-2-16 416432]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2017-12-9 778696]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2016-11-8 980552]
R3 avgbIDSAgent;avgbIDSAgent;C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [2018-4-13 7653992]
R3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2018-4-15 112864]
R3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2018-4-15 44768]
R3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2018-4-15 93816]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2018-4-6 111608]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-2-16 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-2-16 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2016-1-27 980224]
R3 WacHidRouterPro;Wacom Hid Router Pro;C:\Windows\System32\drivers\wachidrouter.sys [2017-12-9 115192]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2017-12-9 17912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-3 128608]
S3 avgHwid;avgHwid;C:\Windows\System32\drivers\avgHwid.sys [2017-4-5 39352]
S3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;C:\Windows\System32\drivers\ax88178.sys [2009-10-1 56320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-4-10 116224]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2015-11-5 23040]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2016-1-23 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2018-04-15 23:12:19 44768 ----a-w- C:\Windows\System32\drivers\mbam.sys
2018-04-15 23:12:16 93816 ----a-w- C:\Windows\System32\drivers\mwac.sys
2018-04-15 23:12:15 193768 ----a-w- C:\Windows\System32\drivers\MbamChameleon.sys
2018-04-15 23:12:15 112864 ----a-w- C:\Windows\System32\drivers\farflt.sys
2018-04-15 23:12:08 253664 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2018-04-15 23:11:56 76192 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2018-04-15 23:11:50 -------- d-----w- C:\ProgramData\Malwarebytes
2018-04-15 23:11:50 -------- d-----w- C:\Program Files\Malwarebytes
2018-04-14 21:31:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2018-04-14 21:31:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-04-13 09:29:17 377584 ----a-w- C:\Windows\System32\avgBoot.exe
2018-04-07 04:59:57 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2018-04-07 04:59:47 -------- d-----w- C:\Program Files (x86)\McAfee
2018-04-07 04:59:39 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
2018-04-07 04:46:23 -------- d-----w- C:\Users\owner\AppData\Roaming\iFunbox_UserCache
.
==================== Find3M ====================
.
2018-04-13 09:29:47 139608 ----a-w- C:\Windows\System32\drivers\avgMonFlt.sys
2018-04-13 02:53:48 136971704 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2018-03-31 02:09:32 708288 ----a-w- C:\Windows\System32\winload.efi
2018-03-31 02:09:32 5583040 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-03-31 02:09:31 95424 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-03-31 02:09:31 154816 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-03-31 01:45:09 631640 ----a-w- C:\Windows\System32\winresume.efi
2018-03-31 01:39:49 3958464 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-03-31 01:39:48 4046528 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-03-31 01:38:02 1665336 ----a-w- C:\Windows\System32\ntdll.dll
2018-03-31 01:12:37 1314064 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-03-31 0157 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-03-31 0153 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-03-31 0153 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-03-31 0111 64512 ----a-w- C:\Windows\System32\auditpol.exe
2018-03-31 01:03:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2018-03-31 01:02:38 129536 ----a-w- C:\Windows\System32\drivers\videoprt.sys
2018-03-31 01:02:17 296960 ----a-w- C:\Windows\System32\rstrui.exe
2018-03-31 00:59:32 160256 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2018-03-31 00:58:57 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2018-03-31 00:58:56 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2018-03-31 00:58:09 30720 ----a-w- C:\Windows\System32\lsass.exe
2018-03-31 00:58:06 112640 ----a-w- C:\Windows\System32\smss.exe
2018-03-31 00:51:23 50688 ----a-w- C:\Windows\SysWow64\auditpol.exe
2018-03-31 00:47:56 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2018-03-31 00:47:54 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2018-03-31 00:47:54 2048 ----a-w- C:\Windows\SysWow64\user.exe
2018-03-31 00:47:54 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2018-03-31 00:47:08 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2018-03-31 00:47:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2018-03-31 00:47:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-31 00:47:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-31 00:47:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2018-03-28 07:30:01 3225600 ----a-w- C:\Windows\System32\win32k.sys
2018-03-22 21:32:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-03-22 21:32:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-03-22 21:18:29 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-03-22 21:17:45 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-03-22 21:17:42 578048 ----a-w- C:\Windows\System32\vbscript.dll
2018-03-22 21:17:40 417280 ----a-w- C:\Windows\System32\html.iec
2018-03-22 21:17:14 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-03-22 21:15:46 5780480 ----a-w- C:\Windows\System32\jscript9.dll
2018-03-22 2118 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-03-22 2116 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-03-22 21:05:56 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-03-22 21:04:41 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-03-22 20:58:51 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-03-22 20:52:24 499712 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-03-22 20:52:19 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-03-22 20:51:37 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-03-22 20:51:25 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-03-22 20:50:34 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-03-22 20:49:09 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-03-22 20:48:50 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-03-22 20:42:11 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-03-22 20:41:48 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-03-22 20:29:07 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-03-22 20:28:43 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-03-22 20:27:47 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-03-22 20:27:21 2135552 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-03-22 20:21:34 4496896 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-03-22 20:15:42 3241472 ----a-w- C:\Windows\System32\wininet.dll
2018-03-22 20:14:47 2059776 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-03-22 20:14:07 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-03-22 19:55:02 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-03-14 17:14:44 135360 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2018-03-14 17:09:56 656384 ----a-w- C:\Windows\System32\aeinv.dll
2018-03-14 13:05:15 739840 ----a-w- C:\Windows\System32\generaltel.dll
2018-03-14 13:05:15 599552 ----a-w- C:\Windows\System32\devinv.dll
2018-03-14 13:05:15 450048 ----a-w- C:\Windows\System32\centel.dll
2018-03-14 13:05:15 414720 ----a-w- C:\Windows\System32\invagent.dll
2018-03-14 13:05:15 1559552 ----a-w- C:\Windows\System32\appraiser.dll
2018-03-14 13:05:14 291840 ----a-w- C:\Windows\System32\acmigration.dll
2018-03-14 13:05:14 237056 ----a-w- C:\Windows\System32\aepic.dll
2018-03-14 13:05:14 1993728 ----a-w- C:\Windows\System32\aitstatic.exe
2018-03-10 17:11:45 340480 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2018-03-09 18:18:00 309440 ----a-w- C:\Windows\SysWow64\atmfd.dll
2018-03-09 18:12:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2018-03-09 18:12:47 111616 ----a-w- C:\Windows\SysWow64\t2embed.dll
2018-03-09 18:12:12 383680 ----a-w- C:\Windows\System32\atmfd.dll
2018-03-09 18:12:07 71680 ----a-w- C:\Windows\SysWow64\fontsub.dll
2018-03-09 18:11:42 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2018-03-09 18:07:45 152064 ----a-w- C:\Windows\System32\t2embed.dll
2018-03-09 18:07:21 41472 ----a-w- C:\Windows\System32\lpk.dll
2018-03-09 18:07:10 100864 ----a-w- C:\Windows\System32\fontsub.dll
2018-03-09 1841 14336 ----a-w- C:\Windows\System32\dciman32.dll
2018-03-09 1803 46080 ----a-w- C:\Windows\System32\atmlib.dll
2018-03-09 17:31:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2018-03-06 18:13:57 148160 ----a-w- C:\Windows\SysWow64\basecsp.dll
2018-03-06 18:11:54 52224 ----a-w- C:\Windows\SysWow64\wsnmp32.dll
2018-03-06 18:11:35 184320 ----a-w- C:\Windows\SysWow64\scksp.dll
2018-03-06 18:10:17 170176 ----a-w- C:\Windows\System32\basecsp.dll
2018-03-06 18:07:32 67072 ----a-w- C:\Windows\System32\wsnmp32.dll
2018-03-06 18:07:19 229376 ----a-w- C:\Windows\System32\scksp.dll
2018-02-22 03:28:38 217600 ----a-w- C:\Windows\System32\WinSCard.dll
2018-02-22 0340 134656 ----a-w- C:\Windows\SysWow64\WinSCard.dll
2018-02-18 21:34:05 634272 ----a-w- C:\Windows\System32\winload.exe
2018-02-13 23:58:26 803328 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2018-02-13 23:58:26 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2018-02-10 18:23:59 330240 ----a-w- C:\Windows\SysWow64\zipfldr.dll
.
============= FINISH: 12:34:17.17 ===============
Attached Files
File Type: txt dds.txt (24.8 KB, 13 views)
File Type: txt attach.txt (6.1 KB, 11 views)
jawilsondesign is offline  
04-21-2018, 07:58 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed, AVG and MBAM. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
04-21-2018, 08:23 PM   #3
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



I took MBAM off, like you messaged, and ran the software. Here are the results:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-19.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-21-2018
# Duration: 00:00:00
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
jawilsondesign is offline  
04-21-2018, 08:31 PM   #4
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



Here are those two attachments.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
Ran by owner (administrator) on OWNER-PC (21-04-2018 20:27:06)
Running from C:\Users\owner\Downloads
Loaded Profiles: owner (Available Profiles: owner & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPAntiSpyware\SASCORE64.EXE
(f.lux Software LLC) C:\Users\owner\AppData\Local\FluxSoftware\Flux\flux.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291056 2018-04-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\Run: [cdloader] => C:\Users\owner\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\Run: [f.lux] => C:\Users\owner\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2992248 2016-09-21] (i-Funbox.com)
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\MountPoints2: {5a2ebfd9-4305-11e7-86db-1cc1de619e18} - D:\LaunchU3.exe -a
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\MountPoints2: {709f341d-3113-11e6-934c-1cc1de619e18} - D:\VZW_Software_upgrade_assistant.exe
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D5965D2A-D30A-484C-8A7C-609CCC538EAA}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{FE117B29-E2E1-442F-A42E-AB351B172553}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={75BCA02B-1C3A-4B3E-BF7B-9AAE05FA6608}&mid=c654a12f9bf647cfbf96cd88988577eb-fc325179a99bf9898042f1dae95127bcbde7ed9b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-11-08 19:50:15&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 2g4bv4ef.default
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2g4bv4ef.default [2018-04-21]
FF Homepage: Mozilla\Firefox\Profiles\2g4bv4ef.default -> hxxps://www.google.com
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-04-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-12] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @Nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @Videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2192500448-3463796087-2821819380-1000: @Talk.google.com/GoogleTalkPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2192500448-3463796087-2821819380-1000: @Talk.google.com/O1DPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2192500448-3463796087-2821819380-1000: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2192500448-3463796087-2821819380-1000: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2018-04-21]
CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-12]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12]
CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPAntiSpyware\SASCORE64.EXE [173472 2017-02-13] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [314688 2018-04-13] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7653992 2018-04-13] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [778696 2017-10-09] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-04-13] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166064 2018-04-13] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-04-13] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-04-13] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-04-13] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-04-13] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-04-13] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139608 2018-04-13] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-04-13] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76760 2018-04-13] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1019088 2018-04-13] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-04-13] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-04-13] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [372920 2018-04-13] (AVG Technologies CZ, s.r.o.)
S3 AX88178; C:\Windows\System32\DRIVERS\ax88178.sys [56320 2009-10-01] (ASIX Electronics Corp.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [115192 2017-10-08] (Wacom Technology, Corp.)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\owner\Downloads\MathFoundations186_ The curious role of "
2018-04-21 20:27 - 2018-04-21 20:28 - 000019806 _____ C:\Users\owner\Downloads\FRST.txt
2018-04-21 20:26 - 2018-04-21 20:27 - 000000000 ____D C:\FRST
2018-04-21 20:26 - 2018-04-21 20:26 - 002404352 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2018-04-21 20:05 - 2018-04-21 20:07 - 000000000 ____D C:\AdwCleaner
2018-04-21 20:05 - 2018-04-21 20:05 - 007256272 _____ (Malwarebytes) C:\Users\owner\Downloads\AdwCleaner.exe
2018-04-18 12:34 - 2018-04-18 12:34 - 000025375 _____ C:\Users\owner\Desktop\dds.txt
2018-04-18 12:34 - 2018-04-18 12:34 - 000006257 _____ C:\Users\owner\Desktop\attach.txt
2018-04-18 12:27 - 2018-04-18 12:27 - 000688992 ____R (Swearware) C:\Users\owner\Desktop\dds.scr
2018-04-18 11:44 - 2018-04-18 11:45 - 005810408 _____ C:\Users\owner\Downloads\WWW.DOWNVIDS.NET-The Easiest Way to Calculate Pi.mp4
2018-04-17 17:36 - 2018-04-17 17:36 - 000000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent
2018-04-17 17:16 - 2018-04-17 17:18 - 000000000 ____D C:\Users\owner\Downloads\Monk(2002–2009)(Seasons 01-08)[S01-S08-Complete TV Series][720p WEB-DL-DD5.1-H.264]
2018-04-15 15:08 - 2018-04-15 15:08 - 000000000 ____D C:\Users\owner\Desktop\LABEL
2018-04-14 20:15 - 2018-04-14 20:15 - 000000085 _____ C:\Windows\wininit.ini
2018-04-14 15:36 - 2018-04-14 15:38 - 019532797 _____ C:\Users\owner\Desktop\GREAT POINT.webm
2018-04-14 14:31 - 2018-04-14 20:18 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-04-14 14:31 - 2018-04-14 20:15 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-14 14:31 - 2018-04-14 14:31 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-04-13 02:29 - 2018-04-13 02:28 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-04-11 20:08 - 2018-04-05 17:40 - 000014106 _____ C:\Users\owner\Desktop\Billing and Renewal.xlsx
2018-04-10 11:52 - 2018-03-30 19:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-10 11:52 - 2018-03-30 19:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-10 11:52 - 2018-03-30 19:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-10 11:52 - 2018-03-30 19:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-10 11:52 - 2018-03-30 19:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-10 11:52 - 2018-03-30 18:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-10 11:52 - 2018-03-30 18:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-10 11:52 - 2018-03-30 18:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-10 11:52 - 2018-03-30 18:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-10 11:52 - 2018-03-30 18:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-10 11:52 - 2018-03-30 18:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-09 21:03 - 2018-04-09 21:03 - 030200791 _____ C:\Users\owner\Downloads\WWW.DOWNVIDS.NET-Understand Calculus in 10 Minutes.mp4
2018-04-09 15:44 - 2018-04-09 15:44 - 000238516 _____ C:\Users\owner\Desktop\2705639fnl.pdf
2018-04-06 22:19 - 2018-04-06 22:19 - 044246708 _____ C:\Users\owner\Downloads\WWW.DOWNVIDS.NET-Transfer Videos_Photos from Computer to iPhone 2017! Best .mp4
2018-04-06 21:59 - 2018-04-07 00:29 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-04-06 21:59 - 2018-04-06 21:59 - 000001060 _____ C:\Users\owner\Desktop\iFunbox.lnk
2018-04-06 21:59 - 2018-04-06 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2018-04-06 21:59 - 2018-04-06 21:59 - 000000000 ____D C:\ProgramData\McAfee
2018-04-06 21:59 - 2018-04-06 21:59 - 000000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2018-04-06 21:46 - 2018-04-06 21:59 - 000000000 ____D C:\Users\owner\AppData\Roaming\iFunbox_UserCache

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-21 20:19 - 2009-07-13 21:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-21 20:19 - 2009-07-13 21:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-21 20:17 - 2016-11-22 01:57 - 000000000 ____D C:\Users\owner\AppData\LocalLow\Mozilla
2018-04-21 20:16 - 2016-01-22 18:47 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{32E77239-5C19-425C-9C8B-7A4CF4D07F58}
2018-04-21 20:12 - 2017-12-09 19:06 - 000000000 ____D C:\Users\owner\AppData\Roaming\WTablet
2018-04-21 20:11 - 2016-02-16 17:30 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-21 20:11 - 2016-02-13 14:07 - 000000216 _____ C:\Windows\Tasks\AutoKMS.job
2018-04-21 20:11 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-21 20:07 - 2016-02-12 16:13 - 000000000 ____D C:\Users\owner\AppData\Roaming\Lavasoft
2018-04-21 20:07 - 2016-02-12 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-04-21 20:07 - 2016-02-12 16:13 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-04-21 20:07 - 2016-02-12 16:12 - 000000000 ____D C:\ProgramData\Lavasoft
2018-04-21 19:14 - 2018-03-15 14:50 - 000000000 ____D C:\Users\owner\Desktop\INT MARKETING
2018-04-21 11:30 - 2016-02-12 16:23 - 000000000 ____D C:\Users\owner\AppData\Roaming\vlc
2018-04-21 11:13 - 2016-02-13 14:07 - 000000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2018-04-20 08:54 - 2016-02-12 16:22 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-17 23:09 - 2016-02-16 01:59 - 000000000 ____D C:\Users\owner\AppData\Roaming\uTorrent
2018-04-17 17:16 - 2016-07-04 01:57 - 000000000 ____D C:\Users\owner\Downloads\ENT
2018-04-16 15:42 - 2009-07-13 22:13 - 000868784 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 15:42 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-04-14 16:54 - 2016-11-08 12:13 - 000000000 ____D C:\Program Files\SUPAntiSpyware
2018-04-14 15:18 - 2016-02-16 17:29 - 000000000 ____D C:\Users\owner\Desktop\Install Stuf
2018-04-13 03:04 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2018-04-13 02:29 - 2017-04-05 23:30 - 000139608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-04-13 02:29 - 2017-04-05 23:30 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-04-13 02:28 - 2017-11-27 16:37 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000166064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-04-13 02:28 - 2017-04-05 23:30 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-04-12 21:20 - 2009-07-13 21:45 - 005064336 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-12 21:17 - 2016-01-24 04:25 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-12 19:57 - 2016-01-23 02:03 - 000000000 ____D C:\Windows\system32\MRT
2018-04-12 19:53 - 2017-10-11 18:05 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-12 19:53 - 2016-01-23 02:03 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-12 12:16 - 2016-02-12 15:54 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1455317689
2018-04-12 12:16 - 2016-02-12 15:51 - 000000000 ____D C:\Program Files (x86)\Opera
2018-04-11 16:42 - 2016-06-20 13:44 - 000000000 ____D C:\Users\owner\Desktop\Current Projects
2018-04-11 16:26 - 2016-02-15 17:03 - 000000000 ____D C:\Users\owner\Desktop\Development
2018-03-31 11:03 - 2009-07-13 22:08 - 000032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-27 16:19 - 2016-02-16 01:43 - 000000000 ____D C:\Users\owner\Downloads\MP3
2018-03-27 09:24 - 2016-11-22 00:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-27 09:24 - 2016-02-12 16:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2016-02-16 19:21 - 2017-08-14 11:00 - 000000132 _____ () C:\Users\owner\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-02 17:35 - 2017-08-26 14:57 - 000001456 _____ () C:\Users\owner\AppData\Local\Adobe Save for Web 13.0 Prefs

Some files in TEMP:
====================
2010-03-16 07:12 - 2010-03-16 07:12 - 000174440 ____R (Microsoft Corporation) C:\Users\owner\AppData\Local\Temp\ose00000.exe
2010-03-16 07:12 - 2010-03-16 07:12 - 000149352 ____R (Microsoft Corporation) C:\Users\owner\AppData\Local\Temp\ose00001.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-18 12:05

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (36.1 KB, 15 views)
Old 04-22-2018, 05:47 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Are you running an illegal (cracked) copy of Windows, Office, or both?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-22-2018, 08:34 PM   #6
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



No, both are legal, but since I redid my computer I'm not sure Office was activated. (I don't use it much.)
Old 04-22-2018, 08:41 PM   #7
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



I am subscribed to this thread, you have my correct e-mail, and I checked the box saying that I wanted to be immediately notified about messages. Why do I not get e-mailed? (I have checked my spam folder; it's not that.) I only received one e-mail notification from your site, and it was hours after the post.
Old 04-23-2018, 07:01 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You have software on your machine that bypasses Windows and/or Office activation.
Old 04-23-2018, 07:42 PM   #9
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



I don't think I have 'bypass software'. What's it called? My Windows is genuine for sure; I remember paying for it with my computer. (It was not cheap, so if you're telling me it's fake I'd like to know how I can prove that.) Now my Office is old and from my last computer, and I'm not sure it's registered. In any case, if I can't find my code, I can just take off Office and put on a free one like Open Office for all I use it. Is that what I need to do? Is the program screwing something up, or is this a principle thing?
Old 04-23-2018, 07:46 PM   #10
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



BTW took 3.5 hours to get notice of your email. How do I get it to be immediate?
jawilsondesign is offline  
Old 04-23-2018, 07:46 PM   #11
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



of your message I mean.
jawilsondesign is offline  
Old 04-23-2018, 07:52 PM   #12
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



Actually, the e-mail I got was from yesterday; it did not notify me at all about your message today.
jawilsondesign is offline  
Old 04-24-2018, 06:47 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello jawilsondesign. Not sure about the email notifications thing. I'll ask.

It is a principle thing. You will have to uninstall MS Office before proceeding.

Why is Cryptographic Services disabled on your machine? Did you disable it via MSConfig or Task Manager?

Please re-enable Cryptographic Services via MSConfig or Task Manager. Let me know if you had trouble.

------------------------------------------------------

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/windo...-windows-7.htm

------------------------------------------------------

Go here and follow the prompts under Step 1 to clean up your Chrome browser:

https://support.google.com/chrome/answer/2765944

Let me know if it found anything.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    Task: {04CF6F7D-0904-43D7-9EEF-67A62CDAA11B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {F6E2D4FC-F0C3-4DBF-A4C4-E9012F04EE0C} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {89A30445-4F34-4546-B673-42EC77C5E266} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-01] (AVAST Software)
    Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
    Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
    C:\Windows\AutoKMS
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\MountPoints2: {5a2ebfd9-4305-11e7-86db-1cc1de619e18} - D:\LaunchU3.exe -a
    HKU\S-1-5-21-2192500448-3463796087-2821819380-1000\...\MountPoints2: {709f341d-3113-11e6-934c-1cc1de619e18} - D:\VZW_Software_upgrade_assistant.exe
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={75BCA02B-1C3A-4B3E-BF7B-9AAE05FA6608}&mid=c654a12f9bf647cfbf96cd88988577eb-fc325179a99bf9898042f1dae95127bcbde7ed9b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-11-08 19:50:15&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    U0 aswVmm; no ImagePath
    2018-04-21 20:11 - 2016-02-13 14:07 - 000000216 _____ C:\Windows\Tasks\AutoKMS.job
    2018-04-21 11:13 - 2016-02-13 14:07 - 000000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
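
As an added example (not part of the original post and not FRST's own code), this Python script sorts a subset of the fixlist lines above into entries whose target is already missing and entries that still point at something on disk. Reading `No File`, `[X]` and `no ImagePath` as "target missing" is an assumption about the log notation, and the function names are hypothetical.

```python
import re

# Subset of the fixlist lines posted above, copied verbatim for this example.
FIXLIST = r"""
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-2192500448-3463796087-2821819380-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {04CF6F7D-0904-43D7-9EEF-67A62CDAA11B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
HKLM-x32\...\Run: [] => [X]
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
2018-04-21 20:11 - 2016-02-13 14:07 - 000000216 _____ C:\Windows\Tasks\AutoKMS.job
EmptyTemp:
end
"""

DIRECTIVE = re.compile(r"^(start|end|[A-Za-z]+:)$", re.I)   # start, end, EmptyTemp: ...
# Assumption: these markers mean the referenced target no longer exists.
ORPHAN = re.compile(r"No File|\[X\]|no ImagePath")
FILE_LISTING = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - ")  # dated file entry
BARE_PATH = re.compile(r"^[A-Za-z]:\\")                      # plain file or folder path

def classify(line):
    """Return (kind, category) for one fixlist line."""
    if DIRECTIVE.match(line):
        return ("directive", line.rstrip(":"))
    if FILE_LISTING.match(line):
        category = "File"
    elif BARE_PATH.match(line):
        category = "Path"
    else:
        # "Task: ..." -> Task; "HKLM-x32\...\Run: ..." -> Run; "BHO-x32: ..." -> BHO
        head = line.split(": ", 1)[0].rsplit("\\", 1)[-1]
        category = re.sub(r"-x32$", "", head)
    return ("orphan" if ORPHAN.search(line) else "live", category)

def triage(text):
    """Group non-directive lines into orphaned references and live items."""
    report = {"orphan": [], "live": []}
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        kind, category = classify(line)
        if kind != "directive":
            report[kind].append((category, line))
    return report

if __name__ == "__main__":
    for kind, items in triage(FIXLIST).items():
        print(kind.upper())
        for category, line in items:
            print(f"  [{category}] {line[:90]}")
```

In this subset, every line that still resolves to something on disk belongs to AutoKMS (two scheduled tasks, the folder and a .job file); the rest are leftover registry references.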
Old 04-24-2018, 10:36 PM   #14
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



Office is off my computer. I have no idea what 'Cryptographic Services' is and have no concept of how to turn it on or off.
jawilsondesign is offline  
Old 04-24-2018, 11:29 PM   #15
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



Took U-torrent off. Did clean up Chrome browser; it found nothing. Did back up.
jawilsondesign is offline  
Old 04-25-2018, 12:11 AM   #16
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



I'm sorry but I should tell you that while I have taken your advice to the letter and only did what you wrote to do in all other respects, earlier today before your message, and after your second day of messages about MS product activation, I mistakenly took it like you were unlikely to keep helping me. I would not have gone to another forum without notifying you, but I read on malwaretips.com that HitmanPro (32-bit) comes highly recommended. I ran it. Again, sorry; I should have been more patient. As I wrote in my first post before I contacted you, I had tried Malwarebytes, Super antispyware, Spybot and they all failed, but HitmanPro seems to have worked. I have not only opened Chrome without the ads coming up multiple times, I have done this after restarting the computer twice. I don't know if it will stick but it has so far. In any case, since this is a breach of your recommendations, and because it seems to have worked, I had to let you know.
jawilsondesign is offline  
Old 04-25-2018, 06:51 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jawilsondesign. Thanks for telling me.

I still need you to run that last Fix with FRST and post the Fixlog.txt log.

------------------------------------------------------

Go to Start and type cmd into the Search box, right-click cmd.exe at the top and choose 'Run as administrator'.

Type (or copy/paste) the following bolded command at the command prompt and press 'Enter' (note the spaces):

sc config cryptsvc start= auto

Repeat for the following:

sc start cryptsvc

Type exit then press 'Enter'.

------------------------------------------------------

Also...

Go to Start > Run and copy/paste the following into the Run box and click OK:

cmd /c net start >log.txt&log.txt&del log.txt

A DOS window will open and close. This is normal.

A Notepad file should open. Please post the contents of the log here.

------------------------------------------------------

chemist is offline  
Old 04-25-2018, 11:26 PM   #18
Registered Member
 
Join Date: Apr 2008
Posts: 15
OS: windows xp



Thank you for all your help. I know you are a pro but everything is working now and I'm just not comfortable doing a bunch of stuff I don't understand when everything is working. (Also because the issue was adware not a virus, and if the issue comes back I have made up my mind to redo the computer.) I have done a backup of essential files, as you have suggested, and I've taken off uTorrent and Word. I have only one antivirus running. Thank you for all the great advice and help. James.
jawilsondesign is offline  
Old 04-28-2018, 11:54 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're welcome.
chemist is offline  
 
