
Getting PopUps from watchtvnow.com

Skyclad

FPCH Member
Joined
Aug 30, 2016
Messages
49
PC Experience
Some Experience
#1
Hello to all my friends at PCHelp!
I'm hoping you can help me with something that appears to be malware that keeps popping up on my computer.. It shows up in a small window in the bottom right hand of my monitor usually when I log on, but can happen at any time.. It is from a locale called watchtvnow.com, and it's all over Google.. I've read how to get rid of it via several links, but opted to see if you guys could help me out on this one.. You have always taken care of my problems in the past, so hoping you can help with this one as well.. I would like to mention that I do have Malwarebytes, but it is the free edition.. In most of the links I read, the first thing they said to do was run MBAM, and once the malware is found you can delete or quarantine it that way.. Problem is, the Malwarebytes I have says everything is clean.. Please advise!
Thanks in advance for any help on this!
PS I'm running Microsoft Security Essentials as an AV and have had no issues until lately.. Wondering if I need to get an upgrade on my antivirus...
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,528
Location
Midlands, UK
PC Experience
Very Experienced
#2
Hi Skyclad,

I'm sure we can sort this out for you.
Please download the following program and post the 2 reports asked for.

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • When the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Thanks
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
Messages
49
PC Experience
Some Experience
#3
Hello Starbuck and thanks for getting back on this.. Find attached the info you requested.. Hoping this will tell the tale...!
Thanks again...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.01.2019
Ran by Mike (administrator) on HOME (07-01-2019 16:38:09)
Running from C:\Users\Mike\Downloads
Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-17] (Google Inc.)
HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\RunOnce: [CleanUp!] => C:\Users\Mike\Desktop\Cleanup.exe [315392 2015-03-24] (Steven R. Gould)
HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\MountPoints2: {7782d33e-6747-11e3-95c9-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Cartridge Alerts - HP OfficeJet 3830 series.lnk [2019-01-05]
ShortcutTarget: Monitor Cartridge Alerts - HP OfficeJet 3830 series.lnk -> C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPStatusBL.dll (HP Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1E0DDCFC-1E76-4B24-A563-377693E78DF2}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{30240170-2754-43C0-8F1E-C67D1234ECC7}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{BFFEA40B-4E9A-4941-BD74-162078A16799}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKU\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.kadaza.com/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-4197961188-714576266-808560349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

FireFox:
========
FF DefaultProfile: fcovtdlu.default-1503001169035
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\fcovtdlu.default-1503001169035 [2018-10-09]
FF Homepage: Mozilla\Firefox\Profiles\fcovtdlu.default-1503001169035 -> hxxp://www.kadaza.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-26] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default [2019-01-07]
CHR Extension: (Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Sea Cliffs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpokehhbejeciipobnhjkhhflnmpidkf [2019-01-05]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR Extension: (Chrome Media Router) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.AULL7JPKOAZNRFMN4VMN37U7VU - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-17] (Puran Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-05] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-07 16:38 - 2019-01-07 16:38 - 000013174 _____ C:\Users\Mike\Downloads\FRST.txt
2019-01-07 16:33 - 2019-01-07 16:33 - 002424832 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2019-01-07 14:00 - 2019-01-07 14:00 - 012902928 _____ C:\Users\Mike\Downloads\TotalAV_Setup.exe
2019-01-02 09:33 - 2019-01-02 09:33 - 000195089 _____ C:\Users\Mike\Desktop\Why Americans Get Socialism and Capitalism Backwards.html
2019-01-02 09:33 - 2019-01-02 09:33 - 000000000 ____D C:\Users\Mike\Desktop\Why Americans Get Socialism and Capitalism Backwards_files
2018-12-27 21:38 - 2018-12-27 21:38 - 000298753 _____ C:\Users\Mike\Desktop\SmokingBasicsEcourse2017.pdf
2018-12-27 14:04 - 2018-12-27 14:20 - 000000000 ____D C:\Users\Mike\Desktop\FunnyBS
2018-12-27 13:23 - 2019-01-05 09:26 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-27 12:21 - 2018-12-27 12:21 - 000003556 _____ C:\Windows\System32\Tasks\HPCustParticipation HP OfficeJet 3830 series
2018-12-27 12:21 - 2018-12-27 12:21 - 000002236 _____ C:\Users\Public\Desktop\HP OfficeJet 3830 series.lnk
2018-12-27 12:21 - 2018-12-27 12:21 - 000001991 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2018-12-27 12:21 - 2018-12-27 12:21 - 000001173 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet 3830 series.lnk
2018-12-27 12:21 - 2018-12-27 12:21 - 000000000 ____D C:\ProgramData\Visan
2018-12-27 12:21 - 2018-12-27 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-12-27 12:21 - 2018-12-27 12:21 - 000000000 ____D C:\ProgramData\HP Photo Creations
2018-12-27 12:21 - 2018-12-27 12:21 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
2018-12-27 12:21 - 2017-03-27 12:54 - 000840328 ____N (HP Inc.) C:\Windows\system32\HPDiscoPME511.dll
2018-12-27 12:20 - 2018-12-27 12:21 - 000000000 ____D C:\Program Files (x86)\HP
2018-12-27 12:20 - 2018-12-27 12:20 - 000000000 ____D C:\Program Files\HP
2018-12-27 12:19 - 2018-12-27 12:47 - 000000000 ____D C:\ProgramData\HP
2018-12-27 09:38 - 2018-12-27 12:48 - 000000000 ____D C:\Users\Mike\AppData\Local\HP
2018-12-22 07:07 - 2018-12-31 16:43 - 000000000 ____D C:\Users\Mike\Desktop\Winter18
2018-12-20 04:41 - 2018-12-14 18:06 - 000397088 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-20 04:41 - 2018-12-14 17:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-12-20 04:41 - 2018-12-14 02:09 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-20 04:41 - 2018-12-14 02:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-20 04:41 - 2018-12-14 02:01 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-20 04:41 - 2018-12-14 01:51 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-20 04:41 - 2018-12-14 01:49 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-20 04:41 - 2018-12-14 01:49 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-20 04:41 - 2018-12-14 01:49 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-20 04:41 - 2018-12-14 01:48 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-20 04:41 - 2018-12-14 01:48 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-20 04:41 - 2018-12-14 01:42 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-20 04:41 - 2018-12-14 01:41 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-20 04:41 - 2018-12-14 01:39 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-20 04:41 - 2018-12-14 01:38 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-20 04:41 - 2018-12-14 01:38 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-20 04:41 - 2018-12-14 01:38 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-20 04:41 - 2018-12-14 01:38 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-20 04:41 - 2018-12-14 01:36 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-20 04:41 - 2018-12-14 01:33 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-20 04:41 - 2018-12-14 01:30 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-20 04:41 - 2018-12-14 01:24 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-20 04:41 - 2018-12-14 01:24 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-20 04:41 - 2018-12-14 01:23 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-20 04:41 - 2018-12-14 01:21 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-20 04:41 - 2018-12-14 01:20 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-20 04:41 - 2018-12-14 01:18 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-20 04:41 - 2018-12-14 01:17 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-20 04:41 - 2018-12-14 01:09 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-20 04:41 - 2018-12-14 01:06 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-20 04:41 - 2018-12-14 01:06 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-20 04:41 - 2018-12-14 01:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-20 04:41 - 2018-12-14 01:04 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-20 04:41 - 2018-12-14 01:02 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-20 04:41 - 2018-12-14 00:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-20 04:41 - 2018-12-14 00:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-20 04:41 - 2018-12-14 00:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-12-20 04:41 - 2018-12-14 00:45 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-20 04:41 - 2018-12-14 00:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-20 04:41 - 2018-12-14 00:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-12-20 04:41 - 2018-12-14 00:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-12-20 04:41 - 2018-12-14 00:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-12-20 04:41 - 2018-12-14 00:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-12-20 04:41 - 2018-12-14 00:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-12-20 04:41 - 2018-12-14 00:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-12-20 04:41 - 2018-12-14 00:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-12-20 04:41 - 2018-12-14 00:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-20 04:41 - 2018-12-14 00:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-12-20 04:41 - 2018-12-14 00:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-20 04:41 - 2018-12-14 00:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-12-20 04:41 - 2018-12-14 00:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-12-20 04:41 - 2018-12-14 00:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-12-20 04:41 - 2018-12-14 00:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-12-20 04:41 - 2018-12-14 00:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-12-20 04:41 - 2018-12-14 00:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-12-20 04:41 - 2018-12-14 00:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-12-20 04:41 - 2018-12-14 00:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-12-20 04:41 - 2018-12-14 00:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-12-20 04:41 - 2018-12-14 00:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-20 04:41 - 2018-12-14 00:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-12-20 04:41 - 2018-12-14 00:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-20 04:41 - 2018-12-14 00:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-12-20 04:41 - 2018-12-14 00:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-12-20 04:41 - 2018-12-14 00:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-12-20 04:41 - 2018-12-14 00:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-12-20 04:41 - 2018-12-13 23:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-20 04:41 - 2018-12-13 23:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-12-20 04:41 - 2018-12-13 23:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-12-17 14:56 - 2018-12-17 14:56 - 000130797 _____ C:\Users\Mike\Desktop\Apparel – Kona Brewing.html
2018-12-17 14:56 - 2018-12-17 14:56 - 000000000 ____D C:\Users\Mike\Desktop\Apparel – Kona Brewing_files
2018-12-12 17:07 - 2018-12-12 17:07 - 005012020 _____ C:\Users\Mike\Desktop\8ccec5_a7d4fac1eb6548b18ef2e56205fa7e47.pdf
2018-12-11 22:21 - 2018-12-05 20:39 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-11 22:21 - 2018-11-28 16:02 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-11 22:21 - 2018-11-28 16:02 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-12-11 22:21 - 2018-11-28 16:02 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-12-11 22:21 - 2018-11-28 16:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-12-11 22:21 - 2018-11-28 16:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-12-11 22:21 - 2018-11-28 15:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-12-11 22:21 - 2018-11-28 15:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-11 22:21 - 2018-11-28 15:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-12-11 22:21 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-12-11 22:21 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-12-11 22:21 - 2018-11-11 11:19 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-12-11 22:21 - 2018-11-11 11:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-11 22:21 - 2018-11-11 11:01 - 005551848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-11 22:21 - 2018-11-11 11:01 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-12-11 22:21 - 2018-11-11 11:01 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-11 22:21 - 2018-11-11 11:01 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-11 22:21 - 2018-11-11 11:01 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-12-11 22:21 - 2018-11-11 11:00 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-12-11 22:21 - 2018-11-11 10:58 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-12-11 22:21 - 2018-11-11 10:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-12-11 22:21 - 2018-11-11 10:47 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-12-11 22:21 - 2018-11-11 10:45 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-12-11 22:21 - 2018-11-11 10:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-12-11 22:21 - 2018-11-11 10:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-12-11 22:21 - 2018-11-11 10:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-12-11 22:21 - 2018-11-11 10:20 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-12-11 22:21 - 2018-11-11 10:20 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-12-11 22:21 - 2018-11-11 10:19 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-12-11 22:21 - 2018-11-11 10:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-12-11 22:21 - 2018-11-11 10:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-12-11 22:21 - 2018-11-11 10:16 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-12-11 22:21 - 2018-11-11 10:16 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-12-11 22:21 - 2018-11-11 10:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-12-11 22:21 - 2018-11-11 10:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-12-11 22:21 - 2018-11-11 10:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-12-11 22:21 - 2018-11-11 10:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-12-11 22:21 - 2018-11-11 10:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-12-11 22:21 - 2018-11-11 10:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-12-11 22:21 - 2018-11-11 10:15 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-12-11 22:21 - 2018-11-11 10:15 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-12-11 22:21 - 2018-11-11 10:15 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-12-11 22:21 - 2018-11-11 10:15 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-12-11 22:21 - 2018-11-11 10:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-12-11 22:21 - 2018-11-11 10:13 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:13 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:13 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-12-11 22:21 - 2018-11-11 10:13 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-12-11 22:21 - 2018-11-08 10:58 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-11 22:21 - 2018-11-08 10:58 - 001889280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-11 22:21 - 2018-11-08 10:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-12-11 22:21 - 2018-11-08 10:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-12-11 22:21 - 2018-11-08 10:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-11 22:21 - 2018-11-08 10:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-11 22:21 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-12-11 22:21 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2018-12-11 22:21 - 2018-11-05 22:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-11 22:21 - 2018-11-05 22:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-12-11 22:21 - 2018-10-06 10:03 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-12-11 22:21 - 2018-10-06 09:59 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-11 22:21 - 2018-10-06 09:59 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-12-11 22:21 - 2018-10-06 09:58 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-12-11 22:21 - 2018-10-06 09:58 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-12-11 22:21 - 2018-10-06 09:58 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-12-11 22:21 - 2018-10-06 09:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-12-11 22:21 - 2018-10-06 09:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-12-11 22:21 - 2018-10-06 09:44 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-12-11 22:21 - 2018-10-06 09:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-12-11 22:21 - 2018-10-06 09:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-12-11 22:21 - 2018-10-06 09:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-07 16:38 - 2017-01-23 15:01 - 000000000 ____D C:\FRST
2019-01-07 16:37 - 2009-07-13 22:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-07 16:37 - 2009-07-13 22:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-05 20:06 - 2017-04-23 21:37 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-05 18:15 - 2018-09-14 04:42 - 000000000 ____D C:\Users\Mike\Desktop\Black Sabbath
2019-01-05 11:18 - 2017-06-08 18:51 - 000000000 ____D C:\Users\Mike\Desktop\WordWaiting
2019-01-05 09:29 - 2009-07-13 23:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-05 09:29 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-01-05 09:28 - 2017-01-19 18:07 - 000000000 ____D C:\Users\Mike\Desktop\PicFaves18
2019-01-05 09:23 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-03 16:59 - 2013-12-17 21:53 - 000000000 ____D C:\Users\Mike\Documents\Wikipedia
2019-01-01 14:16 - 2013-12-17 21:34 - 000000000 ____D C:\Users\Mike\Documents\Italy
2018-12-30 09:10 - 2013-12-17 11:27 - 000000000 ____D C:\Users\Mike
2018-12-30 07:30 - 2013-12-17 21:35 - 000000000 ____D C:\Users\Mike\Documents\Menus
2018-12-27 14:22 - 2016-02-27 18:24 - 000000000 ____D C:\Users\Mike\Desktop\Tweed1
2018-12-27 14:20 - 2013-12-27 09:43 - 000000000 ____D C:\Users\Mike\Desktop\RecipesNow
2018-12-27 13:22 - 2013-12-17 16:09 - 000065552 _____ C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-27 13:21 - 2009-07-13 22:45 - 000300424 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-21 03:55 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2018-12-18 10:18 - 2018-10-16 13:09 - 000000000 ____D C:\Users\Mike\Desktop\Fall '18
2018-12-17 14:36 - 2016-07-28 15:54 - 000003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27
2018-12-17 14:36 - 2016-07-28 15:54 - 000003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61
2018-12-16 02:45 - 2018-10-08 06:26 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-12-12 13:36 - 2016-02-20 11:59 - 000002408 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-12 13:36 - 2016-02-20 11:59 - 000002371 _____ C:\Users\Mike\Desktop\Google Chrome.lnk
2018-12-12 03:08 - 2013-12-17 19:48 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-12-12 03:07 - 2013-12-17 12:03 - 000000000 ____D C:\Windows\system32\MRT
2018-12-12 03:04 - 2013-12-17 12:03 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-10 16:04 - 2013-12-17 11:55 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-12-24 14:36 - 2013-12-24 14:36 - 000000136 _____ () C:\Users\Mike\AppData\Roaming\mbam.context.scan
2013-12-23 08:43 - 2013-12-23 14:27 - 000004608 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-03 00:57

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07.01.2019
Ran by Mike (07-01-2019 16:39:24)
Running from C:\Users\Mike\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-12-17 17:27:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4197961188-714576266-808560349-500 - Administrator - Disabled)
Guest (S-1-5-21-4197961188-714576266-808560349-501 - Limited - Disabled)
HP_OWNER (S-1-5-21-4197961188-714576266-808560349-1001 - Administrator - Enabled) => C:\Users\HP_OWNER
Mike (S-1-5-21-4197961188-714576266-808560349-1000 - Administrator - Enabled) => C:\Users\Mike

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Google Chrome (HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{165CDB14-4CD3-4D4D-A38A-3FF93FAAFD5C}) (Version: 40.11.1119.1786 - HP Inc.)
HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Product Improvement Study for HP OfficeJet 3830 series (HKLM\...\{F1E13468-92EB-4AB7-8F1C-CC09A286C9B9}) (Version: 40.11.1119.1786 - HP Inc.)
Puran Defrag 7.6 (HKLM\...\Puran Defrag_is1) (Version: - Puran Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Mike\AppData\Local\Google\Chrome\Application\71.0.3578.98\notification_helper.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Puran Software)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Puran Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Puran Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A0926D-3B93-4542-A293-9D93B3E1751C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {166C76E8-C829-4F8D-966A-99994EE32692} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2017-03-27] (HP Inc.)
Task: {2790EBF7-9F22-4842-BCF2-591079FAAB66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {83893AD3-3975-4766-87E6-FE0BD841FBFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {90ED12DA-F53C-4114-B5D3-4B12FE1121AD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {97D0ACD3-7B8B-4AA9-B335-660342A4CCF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {A6F662DE-561D-4DA5-8C9B-AF7EDE21550A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {B0BAD826-55FF-4D0D-BA85-3A7C89BCE42B} - System32\Tasks\{623394EB-E332-4EE6-87FC-185678DA9EE3} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\AOL Downloads\SUD4624\waol-0.4346.19.1.exe" -d C:\Users\Mike\Desktop
Task: {C25D5070-BB51-4587-B189-2AE097F66BE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-10-08 06:26 - 2018-12-16 02:45 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-12 13:36 - 2018-12-11 23:11 - 005237216 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-12 13:36 - 2018-12-11 23:11 - 000117216 _____ () C:\Users\Mike\AppData\Local\Google\Chrome\Application\71.0.3578.98\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-09-22 15:49 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4197961188-714576266-808560349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [{C3E8EF01-3391-440D-8E60-7DFA4FFB6252}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc.)
FirewallRules: [{99BF0AA0-61CC-4402-91DD-688187EF1C2C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc.)
FirewallRules: [{507D92DA-D18F-456B-8580-CF4D7D3D4C34}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)
FirewallRules: [{6F25575C-4239-41E2-AF88-A8E4837B1FE8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)
FirewallRules: [{9ECD1C4E-7353-4D91-AE28-3F5E0B6F6894}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc.)
FirewallRules: [{4E7E02DE-3224-4EEB-B741-CD4BCE906F97}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc.)
FirewallRules: [{934581BF-C000-4943-A1A9-8D708C0DAC5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc.)
FirewallRules: [{3617D4CB-7140-499B-8EF7-6114519D869E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc.)
FirewallRules: [{F500CF40-7A91-41A3-AF7B-C3C6A51D14AC}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)
FirewallRules: [{43A258A9-3E67-4B57-971F-C5F555144649}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)
FirewallRules: [{80476B99-EE1F-4C04-A3EF-3BD08D4FB9DF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc.)
FirewallRules: [{489929A1-B33D-450F-9710-BBC963D0F529}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc.)
FirewallRules: [{06DFBD27-BEA0-49DF-9B1C-DB89A93EB606}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc.)
FirewallRules: [{8B5C5F96-14EA-4F12-9D95-8B28902D0B10}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc.)
FirewallRules: [{54A0577E-3E4F-4E17-A785-666F27081CBF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe (AOL Inc.)
FirewallRules: [{D10B1CEC-C576-4E4A-A262-C61C93C61591}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe (AOL Inc.)
FirewallRules: [{48B5CAF3-443C-435D-B13D-92C41E118353}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc.)
FirewallRules: [{02E4057D-CA37-4B4A-AFDA-1209DE386279}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc.)
FirewallRules: [{8AF77200-EAEE-46C8-886A-9584425FB642}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)
FirewallRules: [{88D1214E-2B23-4A42-AD05-5F9BB4E4824C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)
FirewallRules: [{D080DA85-6382-47D7-AB8E-BD03A8676BA5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc.)
FirewallRules: [{84AB735B-D1AA-41CF-A172-F1CDF3B02D67}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc.)
FirewallRules: [{EABF4886-EBCB-439E-BCC4-51D532737B94}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe (AOL Inc.)
FirewallRules: [{8A159DB4-5EB9-4714-AF31-A1E0E954D74F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe (AOL Inc.)
FirewallRules: [{79A1C0C6-DEA7-45B5-831B-B01DB292203D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)
FirewallRules: [{47F41458-5C50-4009-BC73-121478D3BF8D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)
FirewallRules: [{DC881B37-D9F3-4E8B-B374-E8F09B6F17D4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc.)
FirewallRules: [{3CCB0AFC-552C-47BF-921C-21E84C782125}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc.)
FirewallRules: [{13C79176-45D2-49E0-A01A-047B42F2A1CD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc.)
FirewallRules: [{0DD3A617-96B7-481D-AE9B-C4120FC44844}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc.)
FirewallRules: [{883D8B11-2CDA-4848-8E6A-FDA27359ACD5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe (AOL Inc.)
FirewallRules: [{A6A724BC-3293-4F09-BAC8-1980D2D9FEAA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe (AOL Inc.)
FirewallRules: [{3F4722D1-3B44-4D4A-897A-4399C7F87769}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe (AOL Inc.)
FirewallRules: [{E9658CBE-25EC-4ECD-A959-F1498392F780}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe (AOL Inc.)
FirewallRules: [{8E051556-1681-4B46-BF41-11651985A308}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe (AOL Inc.)
FirewallRules: [{686645B1-A3D8-4D97-8E46-64585B91A100}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe (AOL Inc.)
FirewallRules: [{887AFAF5-9173-4281-BFE1-92FE5FAF4090}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe (AOL Inc.)
FirewallRules: [{DECA53EA-D174-47CE-9CAB-A82A113B469D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe (AOL Inc.)
FirewallRules: [{673BBE0F-0A84-41B4-A041-830CF5F49039}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe (HP Inc.)
FirewallRules: [{8DAE8A70-66CD-4796-A7B1-719AE81870E9}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe (HP Inc.)
FirewallRules: [{3E12EF65-E10A-40BD-95EB-73CCD50ED46B}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe (HP Inc.)
FirewallRules: [{296C7251-8195-41E1-A4F9-217BE632EEF3}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe (HP Inc.)
FirewallRules: [{7A98E836-0958-4CD5-B880-D2A811CB97D1}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe (HP Inc.)
FirewallRules: [{60295DE4-8E2F-442E-A566-EBD61A8A00D9}] => (Allow) LPort=5357
FirewallRules: [{5C206BAE-2864-42B0-B225-EC66D7180A14}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc.)
FirewallRules: [TCP Query User{1A801913-446A-4E62-B980-44B9A13700A9}C:\users\mike\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [UDP Query User{4305BD67-FCAD-435E-ADC5-A0C4972B7473}C:\users\mike\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [{49E188DD-8E4D-4D6A-9D5F-0A4891A91205}] => (Block) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [{EE3D6B0A-5F25-405A-BA1C-CAAB50E82E98}] => (Block) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google Inc.)

==================== Restore Points =========================

27-12-2018 11:49:06 Windows Update
30-12-2018 13:34:16 Windows Update
03-01-2019 00:01:23 Windows Update
06-01-2019 00:46:09 Windows Update

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (ATW) #2
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2019 04:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (01/06/2019 09:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (01/06/2019 02:00:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (01/05/2019 07:00:01 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (01/04/2019 12:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (01/03/2019 05:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (01/02/2019 10:00:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (01/02/2019 03:00:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).


System errors:
=============
Error: (01/06/2019 03:00:48 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

Error: (01/06/2019 12:11:42 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

Error: (01/05/2019 09:28:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/05/2019 09:26:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/05/2019 09:23:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:42:43 AM on ‎1/‎5/‎2019 was unexpected.

Error: (12/28/2018 03:28:21 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

Error: (12/27/2018 11:43:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

Error: (12/27/2018 01:19:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2017-08-09 03:21:10.763
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{74F44B93-3ABC-47E0-A787-F9B7D736E8E1}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-01 23:16:15.220
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2016-10-01 23:16:15.217
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:
Error code:0x80070002
Error description:The system cannot find the file specified.

CodeIntegrity:
===================================

Date: 2014-10-15 00:27:41.501
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 00:27:41.501
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 00:27:41.501
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 00:27:41.454
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 00:27:41.454
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 00:27:41.454
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 00:27:41.438
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 00:27:41.438
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom(tm) 8650 Triple-Core Processor
Percentage of memory in use: 58%
Total physical RAM: 5630.49 MB
Available physical RAM: 2349.92 MB
Total Virtual: 11259.13 MB
Available Virtual: 7994.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:355.19 GB) NTFS

\\?\Volume{7782d33a-6747-11e3-95c9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 94549454)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 


Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,528
Location
Midlands, UK
PC Experience
Very Experienced
#4
Hi Skyclad,

I added the reports to your post because they're a lot easier to read and check that way.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Mike\Downloads .
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log in Download folder (Fixlog.txt). Please post this in your next reply.

Step 2
Please reset all browsers to their original settings.

To Reset Firefox
  • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported.
  • Click Finish and Firefox will open.
Note:
After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
If you don't need this folder any longer, you should delete it as it contains sensitive information.

The reset feature works by creating a new profile folder for you while saving your most important data.

Firefox will try to keep the following data:


    • Bookmarks

    • Browsing history

    • Passwords

    • Cookies

    • Web form auto-fill information

    • Personal dictionary

--------------------

Reset IE back to the defaults.
  • Close any Internet Explorer or Windows Explorer windows that are currently open.
  • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
  • Click the Tools button, and then click Internet Options.
  • Click the Advanced tab, and then click Reset.
  • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
  • In the Reset Internet Explorer Settings dialog box, click Reset.
  • When Internet Explorer finishes applying default settings, click Close, and then click OK.
  • Close Internet Explorer.
  • Your changes will take effect the next time you open Internet Explorer.

-----------------

To reset Google Chrome
  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings.
    Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

Resetting your browser settings will impact the settings below:

Default search engine and saved search engines will be reset to their original defaults.
Homepage button will be hidden and the URL that you previously set will be removed.
Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
Pinned tabs will be unpinned.
Content settings will be cleared and reset to their installation defaults.
Cookies and site data will be cleared.
Extensions and themes will be disabled.

Step 3
Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install
  • Click Finish.
  • When the program opens..... click Scan
  • Click Start Scan
  • Double check anything found and tick to select items to be removed
  • Click Remove Selected
  • When the items have been removed.... Click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.

In your next reply, please submit:
Fixlog.txt
RogueKiller report

Also give me an update on the system.


Thanks.
 


Skyclad

FPCH Member
Joined
Aug 30, 2016
Messages
49
PC Experience
Some Experience
#5
Hello Starbuck...
I'm having a bit of a problem here (which I'm honestly a bit embarrassed about.......hence the private message...) with regard to the destination of things that are downloaded. After clicking the fix button once (in step one), there is no fixlog file on desktop (and I cannot find the download folder).. Obviously, it's been awhile since I've delved into this realm.....:/ If you would, please advise on where the download folder is, and for all future downloads how I could set it up so they will go to desktop.. Thanks, and sorry for the trivial questions on my part...
Mike
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
Messages
49
PC Experience
Some Experience
#6
I'm hoping this is what you are asking for, as I'm very rusty these days on following exact instructions.. Thankfully, that is due to nothing significant going wrong here for so long.. Once again, I appreciate all your help Starbuck!! Awaiting further instructions...

RogueKiller Anti-Malware V13.0.21.0 (x64) [Jan 7 2019] (Free) by Adlice Software
mail : Contact - Adlice Software
Website : RogueKiller Anti-Malware Free Download - Official Website
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Mike [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Delete -- Date : 2019/01/11 13:05:18 (Duration : 00:47:51)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} -- [%localappdata%\Google\Chrome\Application\71.0.3578.98\notification_helper.exe] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\MetaStream -- -> Deleted
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- -> Replaced (1)
[PUP.Gen1 (Potentially Malicious)] Viewpoint -- %programdata%\Viewpoint -> Deleted
[PUP.Gen1 (Potentially Malicious)] Viewpoint -- %programfiles(x86)%\Viewpoint -> Deleted
[PUP.Gen1 (Potentially Malicious)] Viewpoint -- %programfiles(x86)%\Viewpoint -> Found
 


Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,528
Location
Midlands, UK
PC Experience
Very Experienced
#7
Hi Skyclad,

The reports look ok.
Are you still getting the popups from 'watchtvnow' ?
 

Skyclad

FPCH Member
Joined
Aug 30, 2016
Messages
49
PC Experience
Some Experience
#8
Hi Starbuck..
I got a couple of popups earlier, but decided to restart and then see what happens.. So far no popups, but I am still in the monitoring phase.. Will be watching this for awhile and hopefully things will be clear after the reboot.. Will definitely be in touch to let you know what is going on.. As usual, I thank you for your help...!
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,528
Location
Midlands, UK
PC Experience
Very Experienced
#9
Yes that sounds good, give it a couple of days and then let me know the outcome.
 
Joined
Aug 30, 2016
Messages
49
PC Experience
Some Experience
#10
Hi Starbuck.....
Well, I'm afraid the popups are still there.. More of a nuisance than anything else right now, so not a priority item (I know you are busy with many others).. I would like to get rid of these though at some point.. Just get back in touch whenever is convenient for you to look into this again.... Thanks....!
Skyclad
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,528
Location
Midlands, UK
PC Experience
Very Experienced
#13
Hi Skyclad,

It is definitely when the browser is running.
Ok, according to the FRST report you use Chrome as your default browser.
Have you tried running Firefox or IE to see if these popups still occur?

If these popups only occur when the browser is running, there must be an extension or an addon that is causing it.
Let's see if running Chrome in safe mode will put a stop to these.

Running Chrome in safe mode will disable all add-ons & extensions.

Click the Menu button in the top-right corner of the window
Select More Tools and then Extensions.


Uncheck all the Enabled check boxes and restart the browser.

If this stops the popups..... you will need to enable the extensions one at a time until you find the one that is causing the problem.
Let me know how this goes, also if the problem occurs when using Firefox or IE.
 
Joined
Aug 30, 2016
Messages
49
PC Experience
Some Experience
#14
Hello Starbuck...
It appears the problem is with Chrome.. I ran Firefox all afternoon yesterday and there were no popups at all..! So, I just accessed the "Extensions" page, and unticked the ones that showed up there.. There was also an option for "details" and "remove".. Do I remove these at this point or is this the part about ticking one back on at a time to ultimately delete with the remove button..? I'm thinking that is what you're indicating, but want to make sure that's the case and the buttons described above are where I delete or remove the problem.. Let me know when convenient.. Thanks as always!
S
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,528
Location
Midlands, UK
PC Experience
Very Experienced
#15
Hi Skyclad,

Yes, turn off all extensions and addons using the slide button. (slide it to the left to turn off)


When everything is turned off, try surfing with Chrome.
If there are no popups, turn on the first extension....... surf with Chrome again.
Keep doing this until the popups start.
Then you will know that the last extension activated is the culprit.
This is the one that you remove ( using the remove button).
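
An inventory to go with the one-at-a-time test described above, as an added example that is not part of the original posts: it reads each Chrome extension's manifest from the profile folder and lists name, version and requested permissions, so the extensions most worth checking can be re-enabled first. The profile path, the `REVIEW_FIRST` permission set and the two sample extensions are assumptions constructed for this example.

```python
import json
import os
import tempfile
from pathlib import Path

# Assumption: permissions worth reviewing first when chasing unwanted popups.
REVIEW_FIRST = {"notifications", "tabs", "webRequest", "<all_urls>"}


def default_extensions_dir():
    # Usual per-user Chrome profile location on Windows (assumed default profile).
    base = Path(os.environ.get("LOCALAPPDATA", ""))
    return base / "Google" / "Chrome" / "User Data" / "Default" / "Extensions"


def _display_name(version_dir, manifest):
    """Resolve a localized name such as __MSG_extName__ through _locales."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    locale = manifest.get("default_locale", "en")
    path = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the raw placeholder if the locale file is unreadable
    for msg_key, entry in messages.items():
        if msg_key.lower() == key and isinstance(entry, dict):
            return entry.get("message", name)
    return name


def inventory(extensions_dir):
    """One record per extension; flagged ones first, then newest first."""
    records = []
    for ext_dir in Path(extensions_dir).iterdir():
        if not ext_dir.is_dir():
            continue
        versions = [d for d in ext_dir.iterdir() if (d / "manifest.json").is_file()]
        if not versions:
            continue
        newest = max(versions, key=lambda d: d.stat().st_mtime)
        try:
            manifest = json.loads((newest / "manifest.json").read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}
        if not isinstance(manifest, dict):
            manifest = {}
        perms = set()
        for field in ("permissions", "host_permissions", "optional_permissions"):
            perms.update(p for p in manifest.get(field, []) if isinstance(p, str))
        records.append({
            "id": ext_dir.name,
            "name": _display_name(newest, manifest) or "(unnamed)",
            "version": manifest.get("version", "?"),
            "installed": newest.stat().st_mtime,
            "review_first": sorted(perms & REVIEW_FIRST),
        })
    records.sort(key=lambda r: (not r["review_first"], -r["installed"]))
    return records


def build_constructed_profile(root):
    """Constructed sample data: two made-up extensions, not taken from the thread."""
    samples = [
        ("a" * 32, "1.0_0", 1_500_000_000,
         {"name": "Sample Notes", "version": "1.0", "permissions": ["storage"]}, None),
        ("b" * 32, "2.3_0", 1_540_000_000,
         {"name": "__MSG_extName__", "version": "2.3", "default_locale": "en",
          "permissions": ["notifications", "tabs", "http://*/*"]},
         {"extName": {"message": "Sample TV Search"}}),
    ]
    for ext_id, ver, mtime, manifest, messages in samples:
        vdir = Path(root) / ext_id / ver
        vdir.mkdir(parents=True)
        (vdir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if messages:
            ldir = vdir / "_locales" / "en"
            ldir.mkdir(parents=True)
            (ldir / "messages.json").write_text(json.dumps(messages), encoding="utf-8")
        os.utime(vdir, (mtime, mtime))  # fixed install time for a stable ordering
    return Path(root)


if __name__ == "__main__":
    target = default_extensions_dir()
    if not target.is_dir():  # no Chrome profile here: fall back to the sample
        target = build_constructed_profile(tempfile.mkdtemp())
    for r in inventory(target):
        print(f'{r["id"]}  {r["name"]} {r["version"]}  review first: {r["review_first"]}')
```

The 32-letter folder name printed for each entry is the extension ID, which can be matched against the ID shown under "details" on Chrome's Extensions page.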