Problems with Word, Excel, and PowerPoint


  • This topic is locked
19 replies to this topic

#1 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 01 May 2017 - 07:34 PM

I can open all of these frequently used programs. But if I try and then open a file from Dropbox, any one of these 3 programs will now freeze; they never used to. And if I try and "save as", again the program will freeze. If I simply save to the default 'Documents' file it will save and I can then move the file afterwards. Or I can open a file by using Windows Explorer, and click on the file, and it will open in the correct software, but obviously it's not working right. Something is wrong here. So, here is the Malwarebytes file, the Farbar file, I was unable to run the RGSA file, just couldn't get past Windows security, I tried everything... so, I ran the ESET Scan, and attached that file. After you've reviewed, if you need anything else, just let me know. Thank you in advance, I appreciate all you do.

 

Malwarebytes

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/1/17
Scan Time: 7:33 PM
Logfile: MBAM file.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1846
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-NA3AC93\Carl Russell

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401519
Time Elapsed: 3 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Farbar:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2017
Ran by Carl Russell (01-05-2017 19:47:23)
Running from C:\Users\Carl Russell\Downloads
Windows 10 Pro Version 1703 (X64) (2017-04-13 15:25:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2502126243-2453895596-2800589288-500 - Administrator - Disabled)
Carl Russell (S-1-5-21-2502126243-2453895596-2800589288-1004 - Administrator - Enabled) => C:\Users\Carl Russell
DefaultAccount (S-1-5-21-2502126243-2453895596-2800589288-503 - Limited - Disabled)
Guest (S-1-5-21-2502126243-2453895596-2800589288-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Team Safe PST Backup Free Edition (HKLM-x32\...\{B197DCCD-2AF1-4B22-A332-7A7C112A2172}) (Version: 2.60.0599 - 4Team Corporation)
Act! Pro (HKLM-x32\...\InstallShield_{B3DFA056-0041-4D86-B891-D96F9F302493}) (Version: 18.1.0.0 - Swiftpage ACT! LLC)
Act! Pro (x32 Version: 18.1.0.0 - Swiftpage ACT! LLC) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Verifier (x64) (HKLM\...\{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}) (Version: 4.0.917 - Microsoft Corporation)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
Dashlane (HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Dashlane) (Version: 4.7.1.28771 - Dashlane, Inc.)
Debugging Tools for Windows (x64) (HKLM\...\{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}) (Version: 6.11.1.404 - Microsoft Corporation)
Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 24.4.17 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
DYMO Label Software (HKLM-x32\...\DYMO Label Software) (Version:  - )
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
Family Tree Maker 2014.1 (HKLM\...\{6DF6B967-71FE-4921-BC4C-91724F22726C}) (Version: 22.0.1510 - Software MacKiev)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoToAssist Customer 3.1.0.1251 (HKLM-x32\...\GoToAssist Express Customer) (Version: 3.1.0.1251 - Citrix Online)
GoToMeeting 8.4.0.6871 (HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\GoToMeeting) (Version: 8.4.0.6871 - CitrixOnline)
Hotfix 2569 for SQL Server 2014 (KB3158271) (64-bit) (HKLM\...\KB3158271) (Version: 12.0.2569.0 - Microsoft Corporation)
HP 10bII+ Virtual Calculator (HKLM-x32\...\{C6ABAE79-1C6E-45DF-84DA-ADA90740F2FB}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.6.14.19 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Insperity ExpensAble Office (HKLM-x32\...\{12C45EBF-343F-40F8-87AE-C9BEA335D5E0}) (Version: 9.1.1 - Insperity Expense Management)
Intel Security True Key (HKLM\...\TrueKey) (Version: 3.9.141.1 - Intel Security)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4409 - Intel Corporation)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.18 - IObit)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{E2D10175-7411-4EA5-8E32-FA21262B435D}) (Version: 11.2.5592.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{92FBD63F-918C-4465-A283-957B15042D80}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{2C8240B9-2142-4A0E-9678-7F3C678E34C6}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\4415f693b586d348) (Version: 16.0.1369.8 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 (HKLM\...\{965DF723-5688-359E-84D2-417CAFE644B5}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM-x32\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
NVIDIA Graphics Driver 376.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.67 - NVIDIA Corporation)
NVIDIA Update 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7424 - Realtek Semiconductor Corp.)
Realtek USB Gigabit Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.17.812.2014 - Realtek)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.1 - IObit)
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
Trigger External Graphics Family 16.02.0315.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.02.0315.0179 - MCT Corp)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}) (Version: 21.0.12288 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2502126243-2453895596-2800589288-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Carl Russell\AppData\Local\Citrix\GoToMeeting\6634\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2502126243-2453895596-2800589288-1004_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\Carl Russell\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2502126243-2453895596-2800589288-1004_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2502126243-2453895596-2800589288-1004_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Carl Russell\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2502126243-2453895596-2800589288-1004_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\Carl Russell\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {030F5BC3-5286-4FBB-8907-A5465D903D5B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-02] (AVAST Software)
Task: {0F5C9BAE-D515-4D85-8A0F-2AA1F261AA28} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-04-10] (IObit)
Task: {106AA501-219E-43F2-8546-BCEB4651BC4A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {14C17C21-EF48-49C0-98C0-F0A8C58AEFBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-28] (Google Inc.)
Task: {15216095-31D6-42D5-A223-D1732B6A5FD7} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe [2014-06-10] ()
Task: {210EE009-6CA3-4954-869E-F14B6BF7FCCF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {2227C2A8-6750-44F6-AD29-E7F32E951715} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-01] (Dropbox, Inc.)
Task: {2E51984C-129F-4268-8B55-4813A3E41DAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {35237C7E-3628-4DF2-9B25-EEC64D617181} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {368314BF-968E-4396-99FF-0173A7D02E4F} - System32\Tasks\Uninstaller_SkipUac_Carl_Russell => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-03-29] (IObit)
Task: {380B8BEF-58C3-428C-B51C-808EEEC4427D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {4360CD0A-9172-40EB-B4F0-802B96030C2B} - System32\Tasks\Driver Booster SkipUAC (Carl Russell) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe [2017-03-16] (IObit)
Task: {4780BBBF-CD5D-466F-8216-175A22FD5C90} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {4F85B63C-1A34-4943-9599-F41FC3981221} - System32\Tasks\FormatPackage_SkipUac_Carl Russell => C:\Program Files (x86)\iFunSoft\Format Package\FormatPackage.exe
Task: {4FB559C6-150A-42BA-A1BE-17560DF772E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {554C0289-B1F3-4482-A4CF-66EC0DD62D69} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-09-09] (Apple Inc.)
Task: {5C5BCD71-C8F7-4157-9F88-520FF7A1A1DC} - System32\Tasks\G2MUpdateTask-S-1-5-21-2502126243-2453895596-2800589288-1004 => C:\Users\Carl Russell\AppData\Local\Citrix\GoToMeeting\6871\g2mupdate.exe [2017-04-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {64475BAA-06A5-481E-9321-ECFA787E9DEC} - System32\Tasks\G2MUploadTask-S-1-5-21-2502126243-2453895596-2800589288-1004 => C:\Users\Carl Russell\AppData\Local\Citrix\GoToMeeting\6871\g2mupload.exe [2017-04-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {64D9FD31-4A81-45C9-8065-E5B1DD662070} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {7A99D10C-15D4-4CBB-BFD1-4EC7FB6D47BE} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\Scheduler.exe [2017-03-10] (IObit)
Task: {7E19B2B2-F39A-48BD-AB75-640B21ED39F3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-11] (Microsoft Corporation)
Task: {84B10CA6-76A3-4111-939A-23B4D1E57A43} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {879A349B-065C-43A7-A144-90680326B602} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {92134120-1547-4A38-999E-0BAF7FF1BC9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-28] (Google Inc.)
Task: {967A8DDD-5966-494D-9791-95471B626623} - System32\Tasks\SafeZone scheduled Autoupdate 1447798629 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {9A2004B8-8A85-4B72-80A4-CB5012FCC882} - \ASC10_SkipUac_Carl Russell -> No File <==== ATTENTION
Task: {9BEB495C-612B-49CD-BE7A-7383C5C885CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {9EDE7BBB-7195-4968-B0F0-7F74FA7C0BF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {B77BB33F-A2B2-44EF-82ED-5B274AB020F7} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {D2E53348-2C90-4871-B174-101D1CD13CB9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-01] (Dropbox, Inc.)
Task: {D9303913-4D1D-43D5-9EBE-1EA5D41A833D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-01] (Microsoft Corporation)
Task: {DDF8E0CA-56C5-4D3E-B19C-9BB83A0783D6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {FAD22C94-4CE1-4816-8B20-6512255D832A} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-22] (WinZip Computing, S.L.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2502126243-2453895596-2800589288-1004.job => C:\Users\Carl Russell\AppData\Local\Citrix\GoToMeeting\6871\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2502126243-2453895596-2800589288-1004.job => C:\Users\Carl Russell\AppData\Local\Citrix\GoToMeeting\6871\g2mupload.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Carl_Russell.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 14:01 - 2012-08-28 15:20 - 00313432 _____ () C:\WINDOWS\system32\GManager.exe
2017-03-21 16:55 - 2017-04-17 12:04 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-21 16:55 - 2017-04-17 12:04 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-27 21:07 - 2014-08-22 18:10 - 02244912 _____ () C:\WINDOWS\system32\MlPatch.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00125440 _____ () C:\WINDOWS\System32\HeatCore.dll
2017-04-13 11:08 - 2017-01-15 19:55 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-01 09:49 - 2017-05-01 09:50 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-01 09:49 - 2017-05-01 09:50 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-01 09:49 - 2017-05-01 09:50 - 43012096 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-01 09:49 - 2017-05-01 09:50 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\skypert.dll
2016-10-27 23:09 - 2016-10-27 23:09 - 00821904 ____N () C:\Windows\System32\SurfaceDTX.exe
2016-01-22 18:13 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-22 18:13 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-22 18:13 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-22 18:13 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-22 18:13 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-01-04 11:32 - 2017-03-28 17:08 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-01-04 11:32 - 2017-03-28 17:08 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-01-04 11:32 - 2017-03-28 17:08 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-03-08 15:25 - 2017-02-09 22:50 - 00036280 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-04-02 14:57 - 2017-04-02 14:57 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-22 11:51 - 2016-06-22 11:51 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-02 14:57 - 2017-04-02 14:57 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-02 14:56 - 2017-04-02 14:56 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-02 14:57 - 2017-04-02 14:57 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-14 17:36 - 2016-04-14 17:36 - 00024072 _____ () C:\Program Files (x86)\4Team Corporation\Safe PST Backup\ForTeam.ServiceClient.dll
2016-04-14 17:36 - 2016-04-14 17:36 - 00065024 _____ () C:\Program Files (x86)\4Team Corporation\Safe PST Backup\ForTeam.Settings.dll
2017-05-01 11:21 - 2017-05-01 11:21 - 00165056 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2016-04-14 17:36 - 2016-04-14 17:36 - 00910856 _____ () C:\Program Files (x86)\4Team Corporation\Safe PST Backup\System.Data.SQLite.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-04-04 10:44 - 2017-03-28 22:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 10:44 - 2017-03-28 22:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-05-01 11:40 - 2017-04-26 13:59 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2015-12-14 10:42 - 2017-03-28 19:54 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-14 10:42 - 2017-03-28 19:54 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-14 10:42 - 2017-03-28 19:54 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-14 10:42 - 2017-04-26 14:02 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 10:42 - 2017-03-28 19:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-14 10:42 - 2017-03-28 19:54 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-01 11:40 - 2017-03-28 19:54 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-01 11:40 - 2017-03-28 19:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-01 11:40 - 2017-03-28 19:54 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-14 10:42 - 2017-03-28 19:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 15:55 - 2017-04-26 14:02 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-01 11:40 - 2017-03-28 19:54 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-01 11:40 - 2017-03-28 19:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-14 10:42 - 2017-04-26 14:02 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 15:55 - 2017-04-26 14:02 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 15:55 - 2017-03-28 19:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-14 10:42 - 2017-04-26 14:02 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-14 10:42 - 2017-03-28 19:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 15:27 - 2017-04-26 14:02 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-24 11:57 - 2017-04-26 14:02 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-14 10:12 - 2017-04-26 14:02 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-24 11:57 - 2017-04-26 14:02 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 11:57 - 2017-04-26 14:02 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 11:57 - 2017-04-26 14:02 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-14 10:42 - 2017-03-28 19:56 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-12 11:31 - 2017-04-26 14:02 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-01 11:40 - 2017-03-28 19:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-01 11:40 - 2017-04-26 14:02 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-05-01 11:40 - 2017-03-22 13:47 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-05-01 11:40 - 2017-04-26 14:02 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-12 13:18 - 2017-04-26 14:02 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-01 11:40 - 2017-03-28 20:00 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-01 11:40 - 2017-03-28 20:00 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-01 11:40 - 2017-04-26 14:02 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-05 15:55 - 2017-04-26 14:02 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-05-01 11:40 - 2017-04-26 14:02 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-01-04 11:32 - 2017-03-28 17:09 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-01-04 11:32 - 2017-03-28 17:09 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2017-05-01 17:13 - 00496034 _____ C:\WINDOWS\system32\Drivers\etc\hosts

There are 12237 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Carl Russell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "TUCCDUtil"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7C5B14881C6D8DB724CF47F203D86712"
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\StartupApproved\Run: => "Advanced SystemCare 9"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B308C2B0-FCC7-4031-BE78-BBDF8E7A6270}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{FACEAF52-F580-4430-9C9C-02A87A419061}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E4109C37-1ECE-4CBA-B779-473944A0F217}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{0984B84E-F60A-4EE4-BEDE-993A70186779}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
FirewallRules: [{96909D90-E1E8-40B2-9456-B4F4F7D6BE04}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
FirewallRules: [{D5F9D501-BB79-46FC-A2D4-8A209C46112D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{D70D7BC5-7515-4D70-98FC-3CEE0839C8C8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{4C7426A7-388F-40EF-94CB-69EF615EB5BE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{A2A55E96-472D-493F-989F-99C08C895D0D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{773F1412-0578-4B1D-AC64-B6040EB52423}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{193A5DD8-1F87-44A5-BAC6-A40F5B3F7D77}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7718D388-E4DA-43CA-8CDD-50D8BB802022}] => (Allow) LPort=5357
FirewallRules: [{24F39F03-1BC7-4D4C-BBD1-419777567AED}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{7737F848-AEE3-4613-B337-BB2164D6EDFF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{E0ECDA32-31C5-4C8A-89FB-6B926865965D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{160AF9EC-DE36-4F86-A1E7-047E9E027262}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{FD72B72C-2CBD-4848-A5A5-05F920BCAE22}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0699B839-2186-4733-8470-2D81B78FE868}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0E2CC24C-17BF-42EC-87EF-B2359B62FDB5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC3670D6-D821-4DA1-A93F-3C2212813C75}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F0D6B278-5BFB-4D29-AEA4-BD6533AF7D75}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B29DED25-6EF8-4794-BD89-BE5E097A1E4E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{4DF100AE-5A4D-4CF3-BB67-55068A566C34}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{7CECB217-791C-442D-8FDE-EF20F3A21BD9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{166E605B-59B3-474D-B55A-F7B4EE477AC7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{FEFB4031-C148-495A-BE04-762335526CB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{91C3CE50-670B-4BE8-B01B-0214EFBDE59F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A2BA3563-6740-4115-8C0E-AD2BC4D839B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1656C686-A2F2-4F28-A4F9-057720E9B217}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C8495CD8-D865-4DF3-A1BE-F9A7B056A23D}] => (Allow) LPort=1434
FirewallRules: [{F81A0448-99EE-4FEE-A79A-0B6387A1EC0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7C26C46-BE24-4D65-8855-3F8A4363F149}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{942B345E-96A8-4001-A330-4ABF5764B898}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0BDD112-E329-4B9D-A32F-162DB60913AE}] => (Allow) LPort=1434
FirewallRules: [{24927DF6-E0F3-411A-A38C-8B96CBB72083}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{6A5EDA15-504D-4086-8709-2D1FCF1938E6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{5BAA3622-D315-4F24-B17F-6A55AF1EF816}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act!.exe
FirewallRules: [{7D37452C-BF0E-4B43-99D2-CA1C2DB0994C}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\ActEmail.exe
FirewallRules: [{4D46EBC8-0F85-4F47-B3BD-C3F53D9377BA}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act15.exe
FirewallRules: [{B803C287-50C7-43C9-8E40-04486F8C2497}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
FirewallRules: [{A518C8B6-9DFF-4600-8013-81A99A3347F8}] => (Allow) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
FirewallRules: [{68A4188A-1E87-4549-AB1E-5F2F541D1F5C}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{6DA88325-624B-4DB7-BB1F-CC470896D72A}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe
FirewallRules: [{6A226CD4-B33A-4786-AAA9-451046B7AC31}] => (Allow) LPort=1434
FirewallRules: [{E6D3E005-4649-42A2-B790-1ED530FF785A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E2483CC-E118-4D12-BBF8-4101E5EA89FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1AA58689-4439-473B-A916-D02A5DC209FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B7F2132-CCB5-43A6-8489-988F12FEE4BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5329E5F0-0E83-433F-AC99-821841AFB260}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{27003E20-2969-468D-A7CF-C3C96412D072}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{EDACBAF2-A256-4023-9275-E43C80C353D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7F575F12-65C6-46E3-9460-11A40ACD66A5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E74480C8-F193-437A-B39D-C87D075BB5BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{972D6E9A-6F33-4C86-A691-CCD1CC74582D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CEA0D0E4-183A-4C7A-8AED-D43CBCCC65C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E45727E9-3718-4139-889E-EEE68E8AC3F9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

01-05-2017 10:06:38 Scheduled Checkpoint
01-05-2017 17:12:40 Advanced SystemCare 10 restore point
01-05-2017 17:13:11 Removed Blackboard Collaborate Launcher
01-05-2017 17:21:35 Advanced SystemCare 10 restore point

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2017 07:30:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 4.7.F.C.E.D.A.0.C.4.E.B.5.E.4.F.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-NA3AC93.local.

Error: (05/01/2017 07:30:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:F4E5:BE4C:0ADE:CF74:5353   25 4.7.F.C.E.D.A.0.C.4.E.B.5.E.4.F.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-NA3AC93-2.local.

Error: (05/01/2017 07:30:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 1.0.0.127.in-addr.arpa. PTR DESKTOP-NA3AC93.local.

Error: (05/01/2017 07:30:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   25 1.0.0.127.in-addr.arpa. PTR DESKTOP-NA3AC93-2.local.

Error: (05/01/2017 05:27:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 16.0.7967.2139 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2f2c

Start Time: 01d2c2c1af65e23a

Termination Time: 42

Application Path: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Report Id: 7146c27e-0d55-4920-99cc-f4199661f8ea

Faulting package full name:

Faulting package-relative application ID:

Error: (05/01/2017 05:24:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgosweep.exe".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/01/2017 05:24:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgomgr.exe".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/01/2017 05:24:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgocvt.exe".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/01/2017 05:24:03 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.

Error: (05/01/2017 05:20:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgosweep.exe".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/01/2017 07:30:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2017 07:30:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2017 05:33:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NA3AC93)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/01/2017 05:00:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NA3AC93)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user DESKTOP-NA3AC93\Carl Russell SID (S-1-5-21-2502126243-2453895596-2800589288-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2017 04:03:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NA3AC93)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user DESKTOP-NA3AC93\Carl Russell SID (S-1-5-21-2502126243-2453895596-2800589288-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2017 04:03:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NA3AC93)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-NA3AC93\Carl Russell SID (S-1-5-21-2502126243-2453895596-2800589288-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2017 04:03:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NA3AC93)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-NA3AC93\Carl Russell SID (S-1-5-21-2502126243-2453895596-2800589288-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2017 04:02:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2017 04:02:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2017 04:01:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.


CodeIntegrity:
===================================
  Date: 2017-04-13 11:39:17.325
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-13 11:39:17.055
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-13 11:27:18.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-13 11:26:06.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-13 11:26:05.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-13 11:25:58.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-13 11:25:55.981
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-13 11:25:55.140
  Des


#2 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,038 posts

Posted 04 May 2017 - 07:12 AM

Hello Carlgrus.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer's malware issues. Please ask questions if anything is unclear.

 

First, I apologize for the delay.
 

You did not post the FRST.txt log produced by the Farbar tool. It should be located in the same folder as the executable FRST file and Addition.txt, which in your case is C:\Users\Carl Russell\Downloads

Please copy and paste the entire contents of that log in your next reply for my review and note any errors encountered.

 

Thank you.

 

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 04 May 2017 - 09:43 AM

Hello Android 8888;  Thank you for your help, and sorry I didn't post FRST.txt.  But I ran it again and here it is below.  And no errors were noted.  Carl

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017 01
Ran by Carl Russell (administrator) on DESKTOP-NA3AC93 (04-05-2017 11:39:41)
Running from C:\Users\Carl Russell\Downloads
Loaded Profiles: Carl Russell (Available Profiles: Carl Russell)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_service.exe
() C:\Windows\System32\GManager.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Windows\System32\mlpatch.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceDtxService.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceUsbHubFwUpdateService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_system_customer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_user_customer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Windows\System32\SurfaceDTX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dashlane, Inc.) C:\Users\Carl Russell\AppData\Roaming\Dashlane\Dashlane.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(4Team Corporation) C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Dashlane, Inc.) C:\Users\Carl Russell\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Swiftpage ACT! LLC) C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Swiftpage ACT! LLC) C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Swiftpage ACT! LLC) C:\Program Files (x86)\ACT\Act for Windows\Act!.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SurfaceDTX.exe] => C:\WINDOWS\System32\SurfaceDTX.exe [821904 2016-10-27] ()
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895120 2016-02-19] (Magic Control Technology Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-28] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2414520 2017-02-09] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-02] (AVAST Software)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [18944 2016-04-07] (Swiftpage ACT! LLC)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [301008 2016-04-07] (Swiftpage ACT! LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5296416 2017-04-11] (IObit)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28432392 2017-05-01] (Dropbox, Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [Dashlane] => C:\Users\Carl Russell\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-04-21] (Dashlane, Inc.)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [Safe PST Backup] => C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [5105656 2016-04-14] (4Team Corporation)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [DashlanePlugin] => C:\Users\Carl Russell\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-04-21] (Dashlane, Inc.)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Run: [GoogleChromeAutoLaunch_6D133E8E7172CE845EF6EAC947B0E399] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2017-03-18] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-02] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2016-01-19]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-18]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Carl Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.75.1
Tcpip\..\Interfaces\{6bf6026b-c085-487e-9c53-e235445b9cdc}: [DhcpNameServer] 192.168.75.1
Tcpip\..\Interfaces\{ebcf63c7-543a-49e8-8cba-242ab48dd3b4}: [DhcpNameServer] 192.168.75.1
Tcpip\..\Interfaces\{efa17ca0-407c-4df7-b191-41aad6a9444b}: [DhcpNameServer] 192.168.75.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5H&ocid=SL5HDHP&osmkt=en-us
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?trackid=sp-006
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-01] (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-08] (Intel Security)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Carl Russell\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2017-04-21] (Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Carl Russell\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2017-04-21] (Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2502126243-2453895596-2800589288-1004 -> hxxp://www.bing.com/

FireFox:
========
FF DefaultProfile: crussell@hpearce.com
FF ProfilePath: C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 [2017-05-04]
FF user.js: detected! => C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\user.js [2016-12-19]
FF NewTab: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> Google
FF Homepage: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> hxxps://my.yahoo.com/?mkg=015
FF Extension: (iCloud Bookmarks) - C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\Extensions\firefoxdav@icloud.com [2016-10-19]
FF Extension: (Dashlane) - C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\Extensions\jetpack-extension@dashlane.com.xpi [2017-05-04]
FF Extension: (Adblock Plus) - C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-28]
FF Extension: (Shield Recipe Client) - C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\features\{7b1e15a0-fdb1-49b6-8ba7-e4100ec9c1b6}\shield-recipe-client@mozilla.org.xpi [2017-05-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2502126243-2453895596-2800589288-1004: @citrixonline.com/appdetectorplugin -> C:\Users\Carl Russell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-2502126243-2453895596-2800589288-1004: SkypePlugin -> C:\Users\Carl Russell\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2502126243-2453895596-2800589288-1004: SkypePlugin64 -> C:\Users\Carl Russell\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Users\Carl Russell\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-19] (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_08&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0A0EtB0B0CtByEtByBzzyCtAtC0EtN0D0Tzu0StCyDtCyCtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0Fzz0AtDtDyEyDtGtA0CyEyEtGzz0Azz0CtGyBtCzz0DtGyE0C0C0AyDtC0BtAtB0B0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0Dzz0D0AtAtDtGzztAzztBtGyEzy0D0EtGzy0DyCtBtGtC0CyE0AyD0CzyyEtDzy0EyC2QtN0A0LzutB%26cr%3D1285156308%26a%3Dwncy_iobitfs_16_08%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_08&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0A0EtB0B0CtByEtByBzzyCtAtC0EtN0D0Tzu0StCyDtCyCtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0Fzz0AtDtDyEyDtGtA0CyEyEtGzz0Azz0CtGyBtCzz0DtGyE0C0C0AyDtC0BtAtB0B0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0Dzz0D0AtAtDtGzztAzztBtGyEzy0D0EtGzy0DyCtBtGtC0CyE0AyD0CzyyEtDzy0EyC2QtN0A0LzutB%26cr%3D1285156308%26a%3Dwncy_iobitfs_16_08%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default [2017-05-04]
CHR Extension: (Google Docs) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-28]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-05-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Avast SafePrice) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-18]
CHR Extension: (Dashlane Secure Password Manager) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-04-25]
CHR Extension: (Avast Online Security) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-06]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (RocketReach) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiecklaabeielolbliiddlbokpfnmhba [2017-02-23]
CHR Extension: (Gmail) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2016-04-07] (Swiftpage ACT! LLC) [File not signed]
S3 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27136 2016-04-07] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27136 2016-04-07] (Microsoft) [File not signed]
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-04-02] (AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [465912 2016-07-14] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-03] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 GManager; C:\WINDOWS\system32\GManager.exe [313432 2012-08-28] ()
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_service.exe [607240 2017-02-15] (Citrix Systems, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [391168 2016-07-14] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-04-11] (IObit)
S3 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MlPatch; C:\WINDOWS\system32\MlPatch.exe [2244912 2014-08-22] ()
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe [370368 2016-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2017-01-15] (NVIDIA Corporation)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [252344 2012-06-15] (arvato digital services llc)
S3 SafePSTShadowCopy; C:\Program Files (x86)\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe [15880 2016-04-14] (4Team)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S2 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\SQLAGENT.EXE [613056 2016-05-27] (Microsoft Corporation)
R2 SurfaceDtxService; C:\WINDOWS\system32\SurfaceDtxService.exe [94856 2016-10-27] (Microsoft Corporation)
R2 SurfaceService; C:\WINDOWS\system32\SurfaceService.exe [767760 2017-02-09] (Microsoft Corporation)
R2 SurfaceUsbHubFwUpdateService; C:\WINDOWS\System32\SurfaceUsbHubFwUpdateService.exe [951056 2017-02-09] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
S3 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [868592 2016-03-31] (McAfee, Inc.)
S3 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-03-31] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-03-31] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-02] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-04-28] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [507416 2017-04-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-28] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-02] (AVAST Software)
R3 CSI2HostControllerDriver; C:\WINDOWS\System32\drivers\CSI2HostControllerDriver.sys [125456 2016-07-16] (Intel® Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-04-17] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-31] (REALiX™)
R3 iacamera64; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [2133520 2016-07-16] (Intel® Corporation)
S3 iaLPSS2_SPI; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [152360 2015-09-03] (Intel Corporation)
S3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281896 2015-09-03] (Intel Corporation)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-29] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [33600 2017-02-17] (IObit.com)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [246344 2017-04-24] (Intel® Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [750152 2017-04-24] (Intel® Corporation)
R3 IntTouch; C:\WINDOWS\System32\drivers\iaPreciseTouch.sys [769072 2017-04-05] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-05-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-04] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-05-04] (Malwarebytes)
R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [172752 2016-02-03] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R3 mrvlpcie8897; C:\WINDOWS\System32\drivers\mrvlpcie8897.sys [1036288 2017-03-18] (Marvell Semiconductors Inc.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Apple Inc.) [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmso.inf_amd64_98dc755eff368925\nvlddmkm.sys [14248888 2017-02-09] (NVIDIA Corporation)
R3 ov5693; C:\WINDOWS\System32\drivers\ov5693.sys [164880 2016-07-16] (Intel® Corporation)
R3 ov7251; C:\WINDOWS\System32\drivers\ov7251.sys [156176 2016-07-16] (Intel Corporation)
R3 ov8865; C:\WINDOWS\System32\drivers\ov8865.sys [162320 2016-07-16] (Intel Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-17] (IObit.com)
S4 RsFx0301; C:\WINDOWS\System32\DRIVERS\RsFx0301.sys [249024 2016-05-27] (Microsoft Corporation)
R3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [375296 2017-01-17] (Realtek                                                                )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SkcController; C:\WINDOWS\System32\drivers\SkcController.sys [125952 2017-02-21] (Intel® Corporation)
R3 supportdriver; C:\WINDOWS\System32\drivers\iaisp64.sys [52752 2016-07-16] (Intel® Corporation)
R3 SurfaceBaseIntegration; C:\WINDOWS\System32\drivers\SurfaceBaseIntegration.sys [59448 2015-09-09] (Microsoft Corporation)
R3 SurfaceButton; C:\WINDOWS\System32\drivers\SurfaceButton.sys [128144 2016-06-28] (Microsoft Corporation)
R3 SurfaceDigitizerIntegration; C:\WINDOWS\System32\drivers\SurfaceDigitizerIntegration.sys [58504 2015-09-09] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\WINDOWS\System32\drivers\SurfaceDisplayCalibration.sys [51344 2015-11-21] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\WINDOWS\System32\drivers\SurfaceIntegrationDriver.sys [103688 2017-04-05] (Microsoft Corporation)
S3 SurfacePenClickFilter; C:\WINDOWS\System32\drivers\SurfacePenClickFilter.sys [56984 2015-09-09] (Microsoft Corporation)
R3 SurfacePenDriver; C:\WINDOWS\System32\drivers\SurfacePenDriver.sys [115592 2016-07-14] (Microsoft Corporation)
S3 SurfacePenIntegration; C:\WINDOWS\System32\drivers\SurfacePenIntegration.sys [61464 2015-09-09] (Microsoft Corporation)
R3 SurfaceStorageFwUpdate; C:\WINDOWS\System32\drivers\SurfaceStorageFwUpdate.sys [2822280 2015-10-27] (Microsoft Corporation)
R3 SurfaceSystemTelemetryDriver; C:\WINDOWS\System32\drivers\SurfaceSystemTelemetryDriver.sys [64000 2015-09-09] (Microsoft Corporation)
R3 SurfaceTouchServicingML; C:\WINDOWS\System32\drivers\SurfaceTouchServicingML.sys [77584 2016-06-28] (Microsoft Corporation)
R0 SurfaceUsbHubFwUpdate; C:\WINDOWS\System32\drivers\SurfaceUsbHubFwUpdate.sys [80144 2017-02-09] (Microsoft Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-04 11:33 - 2017-05-04 11:33 - 00000000 ____D C:\Users\Carl Russell\Downloads\FRST-OlderVersion
2017-05-04 11:09 - 2017-05-04 11:09 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-04 11:02 - 2017-05-04 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-03 17:24 - 2017-05-03 17:24 - 00016742 _____ C:\Users\Carl Russell\Documents\cc_20170503_172438.reg
2017-05-03 17:06 - 2017-05-03 17:06 - 00003142 _____ C:\WINDOWS\System32\Tasks\ASC10_PerformanceMonitor
2017-05-03 17:04 - 2017-05-03 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-05-03 17:03 - 2017-05-03 17:03 - 39658392 _____ (IObit ) C:\Users\Carl Russell\Downloads\advanced-systemcare-setup(8).exe
2017-05-03 16:03 - 2017-05-03 16:03 - 00000000 ____D C:\Users\Carl Russell\AppData\Roaming\Dropbox
2017-05-03 16:02 - 2017-05-04 11:05 - 00000952 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-03 16:02 - 2017-05-04 11:05 - 00000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-03 16:02 - 2017-05-04 11:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-03 16:02 - 2017-05-04 10:50 - 00000000 ____D C:\Users\Carl Russell\AppData\Local\Dropbox
2017-05-03 16:02 - 2017-05-03 16:02 - 00690080 _____ (Dropbox, Inc.) C:\Users\Carl Russell\Downloads\DropboxInstaller(3).exe
2017-05-03 16:02 - 2017-05-03 16:02 - 00004012 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-05-03 16:02 - 2017-05-03 16:02 - 00003780 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-05-03 16:02 - 2017-05-03 16:02 - 00000000 ____D C:\ProgramData\Dropbox
2017-05-01 21:20 - 2017-05-01 21:20 - 00003172 _____ C:\Users\Carl Russell\Desktop\eset.txt
2017-05-01 20:06 - 2017-05-01 20:06 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Carl Russell\Downloads\esetonlinescanner_enu.exe
2017-05-01 20:06 - 2017-05-01 20:06 - 00000000 ____D C:\Users\Carl Russell\AppData\Local\ESET
2017-05-01 19:53 - 2017-05-01 19:53 - 00899584 _____ C:\Users\Carl Russell\Downloads\RGSA.exe
2017-05-01 19:49 - 2017-05-01 19:49 - 00061762 _____ C:\Users\Carl Russell\Desktop\Addition.txt
2017-05-01 19:47 - 2017-05-04 11:36 - 00059900 _____ C:\Users\Carl Russell\Downloads\Addition.txt
2017-05-01 19:46 - 2017-05-04 11:39 - 00039949 _____ C:\Users\Carl Russell\Downloads\FRST.txt
2017-05-01 19:46 - 2017-05-04 11:39 - 00000000 ____D C:\FRST
2017-05-01 19:43 - 2017-05-04 11:33 - 02428928 _____ (Farbar) C:\Users\Carl Russell\Downloads\FRST64.exe
2017-05-01 19:40 - 2017-05-01 19:40 - 00001101 _____ C:\Users\Carl Russell\Desktop\MBAM file.txt
2017-05-01 17:13 - 2017-05-01 17:13 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2017-05-01 17:06 - 2017-05-01 17:07 - 39658392 _____ (IObit ) C:\Users\Carl Russell\Downloads\advanced-systemcare-setup(7).exe
2017-05-01 17:06 - 2017-05-01 17:06 - 41773432 _____ (IObit ) C:\Users\Carl Russell\Downloads\IObit-Malware-Fighter-Setup(5).exe
2017-05-01 17:02 - 2017-05-01 17:03 - 39658392 _____ (IObit ) C:\Users\Carl Russell\Downloads\advanced-systemcare-setup(6).exe
2017-05-01 16:04 - 2017-05-03 10:48 - 00000000 _____ C:\Users\Carl Russell\AppData\LocalLow\rightsCheck_1.txt
2017-05-01 15:18 - 2017-04-19 03:14 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-01 15:18 - 2017-04-19 03:06 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-01 15:18 - 2017-04-19 03:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-01 15:18 - 2017-04-19 03:02 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-01 15:18 - 2017-04-19 03:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-01 15:18 - 2017-04-19 02:34 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-01 15:18 - 2017-04-19 02:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-01 15:18 - 2017-04-19 02:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-01 15:18 - 2017-04-19 02:17 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-01 15:18 - 2017-04-19 02:14 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-01 15:18 - 2017-04-19 02:13 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-01 15:18 - 2017-04-19 02:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-01 15:18 - 2017-04-19 02:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-01 15:18 - 2017-04-19 02:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-01 15:18 - 2017-04-19 02:10 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-01 15:18 - 2017-04-19 02:09 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-01 15:18 - 2017-04-19 02:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-01 15:18 - 2017-04-19 02:07 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-01 15:18 - 2017-04-19 02:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-01 15:18 - 2017-04-19 02:02 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-01 15:18 - 2017-04-19 02:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-01 15:18 - 2017-04-19 01:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-01 15:18 - 2017-04-19 01:58 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-01 15:18 - 2017-04-19 01:44 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-01 15:18 - 2017-04-19 01:41 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-01 15:18 - 2017-04-19 01:41 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-01 15:18 - 2017-04-19 01:37 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-01 15:18 - 2017-04-19 01:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-01 15:18 - 2017-04-19 01:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-01 15:18 - 2017-04-19 01:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-01 15:18 - 2017-04-19 01:34 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-01 15:18 - 2017-04-19 01:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-01 15:18 - 2017-04-19 01:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-01 15:18 - 2017-04-19 01:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-01 15:18 - 2017-04-19 01:33 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-01 15:18 - 2017-04-19 01:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-01 15:18 - 2017-04-19 01:32 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-01 15:18 - 2017-04-19 01:30 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-01 15:18 - 2017-04-19 01:30 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-01 15:18 - 2017-04-19 01:30 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-01 15:18 - 2017-04-19 01:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-01 15:18 - 2017-04-19 01:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-01 15:18 - 2017-04-19 01:29 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-01 15:18 - 2017-04-19 01:28 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-01 15:18 - 2017-04-19 01:28 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-01 15:18 - 2017-04-19 01:24 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-01 15:18 - 2017-04-13 19:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-01 15:18 - 2017-04-13 19:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-01 15:18 - 2017-04-13 19:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-01 15:18 - 2017-04-13 19:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-01 15:18 - 2017-04-13 19:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-01 15:18 - 2017-04-13 19:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-01 15:18 - 2017-04-13 19:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-01 15:18 - 2017-04-13 19:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-01 15:18 - 2017-04-13 19:35 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-01 15:18 - 2017-04-13 19:33 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-01 15:18 - 2017-04-13 19:32 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-01 15:18 - 2017-04-13 19:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-01 15:18 - 2017-04-13 19:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-01 15:18 - 2017-04-13 19:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-01 15:18 - 2017-04-13 19:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-01 15:18 - 2017-04-13 19:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-01 15:18 - 2017-04-13 19:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-01 15:18 - 2017-04-13 19:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-01 15:18 - 2017-04-13 19:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-01 15:18 - 2017-04-13 19:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-01 15:18 - 2017-04-13 19:13 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-01 15:18 - 2017-04-13 19:13 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-01 15:18 - 2017-04-13 19:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-01 15:18 - 2017-04-13 19:11 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-01 15:18 - 2017-04-13 19:09 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-01 15:18 - 2017-04-13 19:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-01 15:18 - 2017-04-13 19:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-01 15:18 - 2017-04-13 19:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-01 15:17 - 2017-04-19 03:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-01 15:17 - 2017-04-19 03:06 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-01 15:17 - 2017-04-19 03:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-01 15:17 - 2017-04-19 03:03 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-01 15:17 - 2017-04-19 02:59 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-01 15:17 - 2017-04-19 02:22 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-01 15:17 - 2017-04-19 02:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-01 15:17 - 2017-04-19 02:16 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-01 15:17 - 2017-04-19 02:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-01 15:17 - 2017-04-19 02:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-01 15:17 - 2017-04-19 02:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-01 15:17 - 2017-04-19 02:14 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-01 15:17 - 2017-04-19 02:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-01 15:17 - 2017-04-19 02:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-01 15:17 - 2017-04-19 02:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-01 15:17 - 2017-04-19 02:11 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-01 15:17 - 2017-04-19 02:11 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-01 15:17 - 2017-04-19 02:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-01 15:17 - 2017-04-19 02:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-01 15:17 - 2017-04-19 02:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-01 15:17 - 2017-04-19 02:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-01 15:17 - 2017-04-19 02:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-01 15:17 - 2017-04-19 02:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-01 15:17 - 2017-04-19 02:07 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-01 15:17 - 2017-04-19 02:07 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-01 15:17 - 2017-04-19 02:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-01 15:17 - 2017-04-19 02:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-01 15:17 - 2017-04-19 02:05 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-01 15:17 - 2017-04-19 02:05 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-01 15:17 - 2017-04-19 02:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-01 15:17 - 2017-04-19 02:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-01 15:17 - 2017-04-19 02:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-01 15:17 - 2017-04-19 01:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-01 15:17 - 2017-04-19 01:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-01 15:17 - 2017-04-19 01:37 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-01 15:17 - 2017-04-19 01:36 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-01 15:17 - 2017-04-19 01:33 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-01 15:17 - 2017-04-13 20:39 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-01 15:17 - 2017-04-13 20:37 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-01 15:17 - 2017-04-13 20:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-01 15:17 - 2017-04-13 20:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-01 15:17 - 2017-04-13 20:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-01 15:17 - 2017-04-13 20:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-01 15:17 - 2017-04-13 20:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-01 15:17 - 2017-04-13 20:32 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-01 15:17 - 2017-04-13 20:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-01 15:17 - 2017-04-13 20:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-01 15:17 - 2017-04-13 20:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-01 15:17 - 2017-04-13 19:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-01 15:17 - 2017-04-13 19:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-01 15:17 - 2017-04-13 19:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-01 15:17 - 2017-04-13 19:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-01 15:17 - 2017-04-13 19:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-01 15:17 - 2017-04-13 19:38 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-01 15:17 - 2017-04-13 19:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-01 15:17 - 2017-04-13 19:38 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-01 15:17 - 2017-04-13 19:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-01 15:17 - 2017-04-13 19:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-01 15:17 - 2017-04-13 19:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-01 15:17 - 2017-04-13 19:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-01 15:17 - 2017-04-13 19:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-01 15:17 - 2017-04-13 19:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-01 15:17 - 2017-04-13 19:36 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-01 15:17 - 2017-04-13 19:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-01 15:17 - 2017-04-13 19:35 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-01 15:17 - 2017-04-13 19:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-01 15:17 - 2017-04-13 19:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-01 15:17 - 2017-04-13 19:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-01 15:17 - 2017-04-13 19:33 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-01 15:17 - 2017-04-13 19:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-01 15:17 - 2017-04-13 19:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-01 15:17 - 2017-04-13 19:32 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-01 15:17 - 2017-04-13 19:31 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-01 15:17 - 2017-04-13 19:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-01 15:17 - 2017-04-13 19:30 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-01 15:17 - 2017-04-13 19:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-01 15:17 - 2017-04-13 19:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-01 15:17 - 2017-04-13 19:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-01 15:17 - 2017-04-13 19:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-01 15:17 - 2017-04-13 19:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-01 15:17 - 2017-04-13 19:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-01 15:17 - 2017-04-13 19:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-01 15:17 - 2017-04-13 19:15 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-01 15:17 - 2017-04-13 19:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-01 15:17 - 2017-04-13 19:12 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-01 15:17 - 2017-04-13 19:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-01 11:39 - 2017-05-01 11:39 - 00690080 _____ (Dropbox, Inc.) C:\Users\Carl Russell\Downloads\DropboxInstaller(2).exe
2017-05-01 11:33 - 2017-05-01 11:33 - 00690080 _____ (Dropbox, Inc.) C:\Users\Carl Russell\Downloads\DropboxInstaller(1).exe
2017-05-01 11:26 - 2017-05-01 11:26 - 00002234 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-01 11:26 - 2017-05-01 11:26 - 00002234 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-01 11:26 - 2017-05-01 11:26 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-05-01 11:22 - 2017-05-01 11:22 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-05-01 11:22 - 2017-05-01 11:22 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Star


#4 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,038 posts

Posted 04 May 2017 - 05:16 PM

Hello Carlgrus.


First we will check for and clean malware from your computer and then we will be able to treat the freeze issues.
 

I see you have TeamViewer installed. This is a remote access program, and is a potential risk if unneeded or unused. If not needed, I would recommend uninstalling it. If you decide to keep it, be sure you have a strong password of at least 8 characters (more is better), including at least one lower case letter, one upper case letter, at least one number, and at least one special character (upper case on the number keys).


The Driver Booster program is one of the worst programs you can install on a system. When it comes to messing up your system (Windows), these are as bad as malware. They are completely worthless and useless to use. The worst is that they'll often take action on your system without you knowing or authorizing it, which could lead to your system being altered in a way you don't want it to be or, even worse, an unbootable system. Every feature they provide, you can either do it natively under Windows, do it via another standalone executable (which is way easier and safer to use) or they aren't providing something you need.

Below you have relevant articles if you want to read more about PC Boosters/Optimizers and why they are useless:

How to Optimize and Tune-Up Your PC Without Paying an Electronics Store
10 Types of System Tools and Optimization Programs You Don't Need on Windows
PC Cleaning Apps are a Scam: Here's Why (and How to Speed Up Your PC)


I noticed that you have IObit Malware Fighter 5 installed on your system. Since you already have installed an excellent and extremely comprehensive anti-malware tool -- Malwarebytes Premium version -- that provides optimal protection (Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection) to your computer, it is completely useless to have Malware Fighter installed. I strongly suggest you uninstall IObit Malware Fighter.

If you have an issue when uninstalling a program, please let me know.


Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?trackid=sp-006
FF user.js: detected! => C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\user.js [2016-12-19]
FF NewTab: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> hxxps://my.yahoo.com/?mkg=015
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_08&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0A0EtB0B0CtByEtByBzzyCtAtC0EtN0D0Tzu0StCyDtCyCtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0Fzz0AtDtDyEyDtGtA0CyEyEtGzz0Azz0CtGyBtCzz0DtGyE0C0C0AyDtC0BtAtB0B0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0Dzz0D0AtAtDtGzztAzztBtGyEzy0D0EtGzy0DyCtBtGtC0CyE0AyD0CzyyEtDzy0Ey... (long line)
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_08&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0A0EtB0B0CtByEtByBzzyCtAtC0EtN0D0Tzu0StCyDtCyCtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0Fzz0AtDtDyEyDtGtA0CyEyEtGzz0Azz0CtGyBtCzz0DtGyE0C0C0AyDtC0BtAtB0B0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0Dzz0D0AtAtDtGzztAzztBtGyEzy0D0EtGzy0DyCtBtGtC0CyE0AyD0C... (long line)
CHR Extension: (Avast SafePrice) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-18]
CHR Extension: (Avast Online Security) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
End

Save the file as fixlist.txt into the same location as FRST64.
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post its entire contents to your next reply.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.



Next,

Please download Junkware Removal Tool by Malwarebytes and save it to your computer's Desktop.

  • Please close your security software to avoid potential conflicts.
  • Right-click on the icon and select Run as administrator.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.


Next,

Please download AdwCleaner by Malwarebytes and save it to your computer's Desktop.

  • Close all open programs and internet browsers.
  • Double-click on the icon to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

 

Next,

The 'Scan for Rootkits' option is disabled in Malwarebytes. Please enable it, perform another scan and post its log.

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits is on and leave all other settings to default.
  • Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please attach the log in your next reply.



To summarize, please post in your next reply the entire contents of:
fixlog.txt log;
JRT.txt log;
AdwCleaner clean log;
Malwarebytes log.
 

 

How is your computer running now?

 

Thank you.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#5 Carlgrus


Posted 05 May 2017 - 12:54 PM

Hello Android 8888; 

 

Thank you very much, I've done everything you said...but the problem persists.  I went back into Word, tried to open a Dropbox file, and Word freezes up.  If I go into Windows Explorer and double click the Dropbox folder, it will open in Word, but not the other way around.  I've also uninstalled Dropbox, and re-installed...no change.  And after I try to exit Word when it freezes, this is the message I get: 

 

"The exception unknown software exception (0xe0000002) occurred in the application at location 0x000000007748B782". 

 

So, as per your request, and in the order you asked, here is fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-05-2017 01
Ran by Carl Russell (05-05-2017 10:58:36) Run:1
Running from C:\Users\Carl Russell\Desktop\Spyware Utilities
Loaded Profiles: Carl Russell (Available Profiles: Carl Russell)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?trackid=sp-006
FF user.js: detected! => C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\user.js [2016-12-19]
FF NewTab: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595 -> hxxps://my.yahoo.com/?mkg=015
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_08&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0A0EtB0B0CtByEtByBzzyCtAtC0EtN0D0Tzu0StCyDtCyCtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0Fzz0AtDtDyEyDtGtA0CyEyEtGzz0Azz0CtGyBtCzz0DtGyE0C0C0AyDtC0BtAtB0B0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0Dzz0D0AtAtDtGzztAzztBtGyEzy0D0EtGzy0DyCtBtGtC0CyE0AyD0CzyyEtDzy0Ey... (long line)
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_08&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0A0EtB0B0CtByEtByBzzyCtAtC0EtN0D0Tzu0StCyDtCyCtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0Fzz0AtDtDyEyDtGtA0CyEyEtGzz0Azz0CtGyBtCzz0DtGyE0C0C0AyDtC0BtAtB0B0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0Dzz0D0AtAtDtGzztAzztBtGyEzy0D0EtGzy0DyCtBtGtC0CyE0AyD0C... (long line)
CHR Extension: (Avast SafePrice) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-18]
CHR Extension: (Avast Online Security) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\user.js => moved successfully
C:\Users\Carl Russell\AppData\Roaming\Mozilla\Firefox\Profiles\yyclqesd.default-1447192209595\user.js => not found.
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88263454 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 159375514 B
Edge => 37494247 B
Chrome => 7130743 B
Firefox => 294742393 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 10986 B
NetworkService => 1562 B
Carl Russell => 16325714 B

RecycleBin => 6350 B
EmptyTemp: => 585.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:59:29 ====

 

JRT.txt log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Carl Russell (Administrator) on Fri 05/05/2017 at 11:05:35.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Carl Russell\AppData\Local\nico mak computing (Folder)
Successfully deleted: C:\Users\Carl Russell\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\Carl Russell\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Carl Russell\Documents\add-in express (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Carl_Russell (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Carl_Russell.job (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/05/2017 at 11:08:58.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner clean log

 

# AdwCleaner v6.046 - Logfile created 05/05/2017 at 11:14:33
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-04.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Carl Russell - DESKTOP-NA3AC93
# Running from : C:\Users\Carl Russell\Downloads\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: AdvancedSystemCareService10


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Carl Russell\AppData\LocalLow\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\Carl Russell\AppData\Roaming\iFunSoft
[-] Folder deleted: C:\Users\Carl Russell\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\iFunSoft
[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[-] Folder deleted: C:\ProgramData\IObit\Advanced SystemCare
[#] Folder deleted on reboot: C:\ProgramData\Application Data\iFunSoft
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: ASC10_PerformanceMonitor


***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2502126243-2453895596-2800589288-1004\Software\darwendlm
[#] Key deleted on reboot: HKCU\Software\darwendlm
[-] Key deleted: HKLM\SOFTWARE\IOBIT\ASC
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
[#] Key deleted on reboot: [x64] HKCU\Software\darwendlm
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect


***** [ Web browsers ] *****

[-] [C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Carl Russell\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2636 Bytes] - [05/05/2017 11:14:33]
C:\AdwCleaner\AdwCleaner[S0].txt - [2677 Bytes] - [05/05/2017 11:13:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2782 Bytes] ##########

 

 and Malwarebytes log

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/5/17
Scan Time: 11:20 AM
Logfile: Malwarebyte log.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1875
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-NA3AC93\Carl Russell

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402301
Time Elapsed: 3 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Thank you again....Carl



#6 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,038 posts

Posted 05 May 2017 - 03:52 PM

Hello Carlgrus.

Thank you for the logs.


Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.

Note: Whenever necessary, the log will be in the following location:

C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.


Next,

Click the CTRL key and double-click on Word icon to open Word in safe mode;
Click Yes on 'Do you wish to start Word in safe mode?';
Click the File menu on the left top and then on the left Pane select Options;
On the left vertical menu select Add-ins;
At the bottom click the Go button. A new window will open;
Take note of all add-ins that are check-marked and then uncheck them all;

Click the OK button and close Word;

Then reopen Word in normal mode;
Check all the boxes for the add-ins which were selected before and click the OK button.

Now try to open a Dropbox file and check if the problem persists.


To summarize please post the contents of SVRT log and let me know if you are still having freezes when opening a Dropbox file with Word.

Thank you.


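The add-in isolation steps in the post above ask for a note of which add-ins were check-marked before unchecking them. As an added example (not part of the original post and not a tool used in this thread), the read-only PowerShell below records the COM add-ins registered for Word, Excel and PowerPoint; it assumes the standard Office add-in registration keys and writes to a hypothetical file name, office-addins.csv, on the Desktop.

```powershell
# Read-only inventory of COM add-ins registered for Word, Excel and PowerPoint.
# Nothing is modified; the result is a record to compare against once the
# add-ins have been unchecked and re-checked in the COM Add-ins dialog.

$apps = 'Word', 'Excel', 'PowerPoint'

# Standard registration locations for Office COM add-ins ({0} = application name).
$roots = @(
    @{ Scope = 'User';             Path = 'HKCU:\Software\Microsoft\Office\{0}\Addins' }
    @{ Scope = 'Machine';          Path = 'HKLM:\SOFTWARE\Microsoft\Office\{0}\Addins' }
    @{ Scope = 'Machine (32-bit)'; Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\{0}\Addins' }
)

# Meaning of the LoadBehavior DWORD stored under each add-in key.
$loadBehavior = @{
    0  = 'Unloaded, not loaded automatically'
    1  = 'Loaded, not loaded automatically'
    2  = 'Unloaded, load at startup'
    3  = 'Loaded, load at startup'
    8  = 'Unloaded, load on demand'
    9  = 'Loaded, load on demand'
    16 = 'Loaded first time, then on demand'
}

$inventory = foreach ($app in $apps) {
    foreach ($root in $roots) {
        $key = $root.Path -f $app
        if (-not (Test-Path -LiteralPath $key)) { continue }   # nothing registered here

        foreach ($addin in Get-ChildItem -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $addin.PSPath
            $lb    = $props.LoadBehavior

            # A key without a LoadBehavior value is reported rather than skipped.
            $meaning = if ($null -eq $lb) {
                'LoadBehavior not set'
            } elseif ($loadBehavior.ContainsKey([int]$lb)) {
                $loadBehavior[[int]$lb]
            } else {
                'Other value'
            }

            [pscustomobject]@{
                Application  = $app
                Scope        = $root.Scope
                ProgId       = $addin.PSChildName
                FriendlyName = $props.FriendlyName
                LoadBehavior = $lb
                Meaning      = $meaning
            }
        }
    }
}

# Show the inventory and keep a copy (office-addins.csv is a name chosen for this example).
$inventory | Sort-Object Application, Scope, ProgId | Format-Table -AutoSize
$csv = Join-Path ([Environment]::GetFolderPath('Desktop')) 'office-addins.csv'
$inventory | Export-Csv -Path $csv -NoTypeInformation
```

This covers COM add-ins only; template and document-based add-ins shown under other categories of the Add-ins dialog are not registered in these keys.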

#7 Carlgrus


Posted 05 May 2017 - 05:07 PM

Hello Android 8888

 

Once again, I have done all that you've recommended.  Ran Sophos Virus Removal Tool, and it came back and said the computer is clean, 0 threats found.  I then started Word in Safe mode, unchecked my Add-ins, reopened in normal mode...checked all boxes for the add-ins...and unfortunately, the problem persists...Very challenging.  I respect all you're doing.  I'll await your next recommendation.  Thank you again.  Carl



#8 Android 8888


Posted 06 May 2017 - 06:56 AM

Hello Carlgrus.
 

Ran Sophos Virus Removal Tool, and it came back and said the computer is clean, 0 threats found.

This is great. Your computer appears to be free of malware. :good:

 

Now, about the freezes issue, please proceed as follows:

 

  • Start Word in Safe Mode again and disable all Add-ins. To ensure the Office app is in Safe Mode, check the title bar. You should see something like: Microsoft Word (Safe Mode).
  • Now leave all Add-ins disabled and close Word (Safe Mode).
  • Then try to open a Word document from Dropbox and see if the freezes problem persists. If so, please tell me if you are still receiving any error message when that happens.

 

Thank you.



#9 Carlgrus


Posted 06 May 2017 - 08:47 AM

Hello Android 8888;

 

Yes the problem persists, and still getting the error message.  The only thing that changed is in the error message the location at the end of the message now reads 0x0000000075ECB782, which is a slightly different location than before, which was 0x000000007748B782. 



#10 Android 8888


Posted 06 May 2017 - 05:58 PM

Hello Carlgrus.

 

Incompatible device drivers can also cause this error.

Please try to update Windows manually.

Click the Windows Start button in Windows 10;
Click Settings > Update & security > Windows Update;
Click the Search updates button;
If updates are available they should automatically be installed on your PC;
Restart the computer.

Try to open a Word document from the Dropbox and see if it's still freezing.

Then, try to perform some drivers updates.
Update drivers in Windows 10


If that doesn't solve the problem, please read carefully the instructions in the following link and try to repair Office:
https://support.offi...0e-a6b40c5bb88b


Let me know how successful you were with the procedures above. Does the problem persist?



#11 Carlgrus


Posted 07 May 2017 - 05:32 AM

Hello Android 8888; 

 

I did all of the above and the problem persists!  I did not need any Windows updates, or driver updates. 



#12 Android 8888


Posted 07 May 2017 - 03:57 PM

Hello Carlgrus.


It appears that the freezes issue is due to an incompatibility with Malwarebytes version 3.0.6. that you have installed.


However there is a new version that is supposed to solve the problem. Please follow the instructions below to remove your current version of Malwarebytes and only then you can install the newest version.

 

 

Please download MBAM-clean and save it to your computer's Desktop.
Right-click on mbam-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the MBAM-clean tool again and reboot when complete. NOTE: DO NOT miss this step.

If you have lost the activation license key information it can be located here


Next,
Please download the Malwarebytes version 3.1.1. Beta installer file and save it to your computer's Desktop.
Right-click the installer file and select Run as administrator;

Click Yes to accept the User Account Control security warning that may appear and follow the prompts.
Once the installation is complete, restart the computer.


Now, try to do some tests by opening and saving Word documents from Dropbox and let me know if the freezes problem persists.

 

Thank you.

 

Android 8888


Edited by Android 8888, 07 May 2017 - 04:24 PM.


#13 Carlgrus


Posted 07 May 2017 - 04:43 PM

Hello Android 8888;

 

You did it!!!  That was it.  It was Malwarebytes incompatibility.  You nailed it!  Thank you very much for your patience and persistence.  I appreciate it very much.  If there is any way I can help you with commercial real estate in southern Connecticut, just let me know.  All the best.   Carl 



#14 Android 8888


Posted 08 May 2017 - 05:15 AM

Hello Carlgrus.

You are welcome. :good:

I'm glad the problem has been solved. However there is some work to do yet.

Please download Security Analysis by Rocket Grannie from here

  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

Please post the SALog.txt in your next reply and wait for further instructions.

Thank you.



#15 Carlgrus


Posted 08 May 2017 - 09:33 AM

Hello Android 8888;

 

Thanks again, and here is the SALog.txt

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 7th May, 2017
Running from:C:\Users\Carl Russell\Desktop (11:32:21 - 05/08/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Spybot - Search and Destroy (Enabled - Not up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Avast Antivirus (Disabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 25 NPAPI (25.0.0.148)
CCleaner (5.29)
Google Chrome (57.0.2987.133) ==> is out of Date
Malwarebytes (3.1.1.1722)
Microsoft Silverlight (5.1.50906.0)
Mozilla Firefox (53.0.2)
Spybot - Search & Destroy (2.4.40)

***----------------Analysis Complete-------------------------***



#16 Android 8888


Posted 08 May 2017 - 04:09 PM

Hello Carlgrus.

Please update your Google Chrome browser to the latest version (58). Outdated versions contain vulnerabilities that can be exploited by malware even if you don't use it.
How to update Google Chrome

Your Avast Antivirus is disabled. Please enable it (if you have not already done so) so you can remain protected. It can run in conjunction with Malwarebytes Premium version.

Please keep in mind that you should run only one security program of each type with Real-Time Protection, i.e., only one anti-virus, one anti-spyware, one firewall.

 

With both Malwarebytes Premium and Avast Free Antivirus running, I do not see the need to use Spybot. But if you wish to keep using it you should disable its Real-Time Protection and use it as a stand-alone scanner. Otherwise they can conflict with each other and provide less effective protection.
Instructions on how to do it here: https://www.safer-networking.org/faq/live-protection-is-conflicting-with-my-other-av-program/
 

 

Next,
You can remove the tools we used in the malware removal process using DelFix.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Activate UAC (This option will activate the User Account Control feature).
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy and paste the entire content of the output log in your next reply;

 

Please post the DelFix log and let me know if there are any issues or concerns with the computer.

 

Thank you.

 

Android 8888



#17 Carlgrus


Posted 09 May 2017 - 08:36 AM

Hello Android 8888;

 

There are no issues with the computer...all is well. Thank you again.  And as per your request here is the DelFix log:

 

# DelFix v1.013 - Logfile created 09/05/2017 at 10:33:41
# Updated 17/04/2016 by Xplode
# Username : Carl Russell - DESKTOP-NA3AC93
# Operating System : Windows 10 Pro  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Carl Russell\Downloads\FRST-OlderVersion
Deleted : C:\Users\Carl Russell\Desktop\Addition.txt
Deleted : C:\Users\Carl Russell\Desktop\SALog.txt
Deleted : C:\Users\Carl Russell\Downloads\Addition.txt
Deleted : C:\Users\Carl Russell\Downloads\adwcleaner_6.046.exe
Deleted : C:\Users\Carl Russell\Downloads\FRST.txt
Deleted : C:\Users\Carl Russell\Downloads\JRT.exe
Deleted : C:\Users\Carl Russell\Downloads\RGSA(1).exe
Deleted : C:\Users\Carl Russell\Downloads\RGSA.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #9 [Restore Point Created by FRST | 05/05/2017 14:58:37]
Deleted : RP #10 [JRT Pre-Junkware Removal | 05/05/2017 15:05:36]
Deleted : RP #11 [Installed Sophos Virus Removal Tool. | 05/05/2017 22:16:23]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
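
A small checker for the DelFix log format shown in the post above, added here as an example (it is not part of the original thread and not DelFix's own code). The sample is a shortened, constructed copy of that log; treating "New restore point created" as step success and any status other than "OK" as a problem are assumptions.

```python
import re

# Constructed sample: shortened copy of the log posted above, blank lines dropped.
SAMPLE_LOG = r"""# DelFix v1.013 - Logfile created 09/05/2017 at 10:33:41
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\Users\Carl Russell\Downloads\JRT.exe
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #9 [Restore Point Created by FRST | 05/05/2017 14:58:37]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
"""

STEP = re.compile(r"^~ (?P<name>.+?) \.\.\.(?: (?P<status>\S+))?\s*$")
DELETED = re.compile(r"^Deleted : (?P<item>.+?)\s*$")

def parse_delfix_log(text):
    """Return (steps, complete); steps maps step name -> status and deleted items."""
    steps, current, complete = {}, None, False
    for line in text.splitlines():
        if (m := STEP.match(line)):
            current = m["name"]
            steps[current] = {"status": m["status"], "deleted": []}
        elif (m := DELETED.match(line)) and current:
            steps[current]["deleted"].append(m["item"])
        elif line.startswith("New restore point created") and current:
            steps[current]["status"] = "OK"   # assumption: counts as success
        elif "- EOF -" in line:
            complete = True
    return steps, complete

def review(text):
    """List what a helper should question before calling the run clean."""
    steps, complete = parse_delfix_log(text)
    problems = [] if complete else ["log is truncated (no EOF marker)"]
    for name, info in steps.items():
        if info["status"] is None and not info["deleted"]:
            problems.append(f"step '{name}' reported neither OK nor any deletion")
        elif info["status"] not in (None, "OK"):
            problems.append(f"step '{name}' ended with status {info['status']}")
    return problems
```
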
 



#18 Android 8888


Posted 09 May 2017 - 09:58 AM

Hello Carlgrus and thank you for the log.
 

Thank you again.

You're welcome!
 
The log indicates that DelFix ran well and performed the actions it was supposed to perform.
 

 

 

To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your AntiVirus program up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time these are not malicious, you usually do not want them on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.


Keep Malwarebytes Anti-Malware (MBAM) updated and perform regular scans of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities.
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another of the most feared threats at the moment is infection by ransomware. Ransomware is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. Vulnerabilities in these programs are often exploited in order to install malware on your PC.

Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
How did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888



#19 Carlgrus


Posted 09 May 2017 - 12:48 PM

Hello Android 8888;   I will take note of all you've said and written me.  Thank you again.  All the best.   Carl 



#20 Android 8888


Posted 20 June 2017 - 09:35 AM

Glad we could help.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.





