fixlog.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Chris (administrator) on MOLLY (05-09-2016 10:26:18)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
( ) C:\Program Files\HP\HP UT\bin\hppusg.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() F:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() F:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
() F:\Program Files\Microsoft Office\Office\FINDFAST.EXE
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
() F:\Program Files\Microsoft Office\Office\OSA.EXE
(Avanquest Software) F:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Chris\AppData\Local\Temp\baa3-a1b4-b569-fe48\uninstall.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5995152 2012-10-28] (Realtek Semiconductor)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2012-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2012-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickFinder Scheduler] => f:\Program Files\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [155592 2012-10-31] (Corel Corporation)
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-05-03] ( )
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM\...\Run: [SDTray] => F:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [408872 2014-08-14] (Acronis)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [PDHookServer] => F:\Program Files\Avanquest\PowerDesk\PDHookServer.exe [60416 2012-12-14] ()
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [LMab1err] => F:\Program Files\Lexmark\ErrorApp\lmab1err.exe [645296 2012-08-07] ()
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [Spybot-S&D Cleaning] => F:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\system32\FileMonitor32.dll => C:\Windows\system32\FileMonitor32.dll [107520 2012-12-14] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2013-10-28]
ShortcutTarget: Microsoft Find Fast.lnk -> F:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2013-10-28]
ShortcutTarget: Office Startup.lnk -> F:\Program Files\Microsoft Office\Office\OSA.EXE ()
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dialog Helper.lnk [2013-10-25]
ShortcutTarget: Dialog Helper.lnk -> F:\Program Files\Avanquest\PowerDesk\pddlghlp.exe (Avanquest Software)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 135.19.0.18 70.80.0.66
Tcpip\..\Interfaces\{61A2128C-D99C-413E-B4E8-292F8A12B08D}: [DhcpNameServer] 192.168.0.1 135.19.0.18 70.80.0.66
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\asmcms8v.default-1472575210563
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Extension: (Print Edit) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\asmcms8v.default-1472575210563\extensions\printedit@DW-dev.xpi [2016-08-30]
FF Extension: (WOT) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\asmcms8v.default-1472575210563\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-09-03]
FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\asmcms8v.default-1472575210563\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-30]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
StartMenuInternet: FIREFOX.EXE - F:\Program Files\Mozilla Firefox\firefox.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [859456 2014-08-14] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3996664 2015-07-31] (Acronis)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [95232 2015-01-14] (Dassault Systèmes) [File not signed]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2015-03-01] (Flexera Software LLC)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-04] (IBM Corp.)
R2 SDScannerService; F:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; F:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; F:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6847712 2014-09-13] (Acronis)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-13] (Microsoft Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-03-25] (Acronis International GmbH)
R3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [9344 2006-04-04] (Hewlett Packard) [File not signed]
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15680 2012-05-20] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [350016 2012-05-20] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793920 2012-05-20] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
R1 RapportCerberus_1507065; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507065.sys [555000 2015-09-01] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [292280 2015-08-04] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [70168 2015-08-04] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [223000 2015-08-04] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [349816 2015-08-04] (IBM Corp.)
R1 SDHookDriver; F:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [685160 2015-07-31] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [184136 2015-07-31] (Acronis International GmbH)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-05 10:26 - 2016-09-05 10:26 - 00015939 _____ C:\Users\Chris\Desktop\FRST.txt
2016-09-05 10:25 - 2016-09-05 10:26 - 00000000 ____D C:\FRST
2016-09-05 10:24 - 2016-09-05 10:24 - 01747968 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2016-09-05 10:07 - 2016-09-05 10:25 - 00000000 ____D C:\EEK
2016-09-05 09:31 - 2016-09-05 09:32 - 248386808 _____ C:\Users\Chris\Desktop\EmsisoftEmergencyKit.exe
2016-09-05 09:16 - 2016-09-05 09:16 - 00001238 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-09-05 09:16 - 2016-09-05 09:16 - 00000000 ____D C:\Users\Chris\AppData\Local\VS Revo Group
2016-09-05 09:16 - 2016-09-05 09:16 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-09-05 09:16 - 2016-09-05 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-09-05 09:16 - 2016-09-05 09:16 - 00000000 ____D C:\Program Files\VS Revo Group
2016-09-05 09:16 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-09-05 09:14 - 2016-09-05 09:14 - 11374528 _____ (VS Revo Group ) C:\Users\Chris\Desktop\RevoUninProSetup.exe
2016-09-03 22:18 - 2016-09-03 22:18 - 00000836 _____ C:\DelFix.txt
2016-09-01 15:59 - 2016-09-01 15:59 - 00000000 ____D C:\Users\Chris\AppData\Local\ESET
2016-09-01 15:17 - 2016-09-01 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-31 12:38 - 2016-08-31 12:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MOLLY-Windows-7-Professional-(32-bit).dat
2016-08-31 12:37 - 2016-08-31 12:37 - 00002189 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-08-31 12:37 - 2016-08-31 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-31 12:37 - 2016-08-31 12:37 - 00000000 ____D C:\Program Files\Tweaking.com
2016-08-31 12:34 - 2016-08-31 12:37 - 00018956 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-08-31 12:32 - 2016-08-31 12:32 - 05575304 _____ (Tweaking.com) C:\Users\Chris\Desktop\tweaking.com_registry_backup_setup.exe
2016-08-30 12:40 - 2016-08-30 12:40 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
2016-08-30 12:11 - 2016-09-05 09:27 - 00000000 ____D C:\ProgramData\yes
2016-08-25 21:50 - 2016-08-25 21:50 - 00000000 _____ C:\Windows\Textart.INI
2016-08-19 07:03 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-10 16:00 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 16:00 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 16:00 - 2016-08-02 02:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 16:00 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 16:00 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 16:00 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 16:00 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 16:00 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 16:00 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 16:00 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 16:00 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 16:00 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 16:00 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 16:00 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 16:00 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 16:00 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 16:00 - 2016-08-02 01:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 16:00 - 2016-08-02 01:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 16:00 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 16:00 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 16:00 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 16:00 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 16:00 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 16:00 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 16:00 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 16:00 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 16:00 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 16:00 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 16:00 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 16:00 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 16:00 - 2016-08-02 01:14 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 16:00 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 16:00 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 16:00 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 16:00 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 16:00 - 2016-07-08 11:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 16:00 - 2016-07-08 11:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 16:00 - 2016-07-08 11:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 16:00 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 16:00 - 2016-07-08 10:53 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 16:00 - 2016-07-08 10:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 16:00 - 2016-07-08 10:51 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 16:00 - 2016-07-08 10:51 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 16:00 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 16:00 - 2016-07-08 10:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 16:00 - 2016-07-08 10:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-05 10:15 - 2013-10-11 22:28 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-05 10:14 - 2013-11-25 10:56 - 00000000 ____D C:\Users\Chris\AppData\Roaming\ClassicShell
2016-09-05 09:59 - 2016-03-15 11:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-05 09:13 - 2010-11-20 17:01 - 00795074 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-05 09:13 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-09-05 09:11 - 2009-07-14 00:34 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-05 09:11 - 2009-07-14 00:34 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-05 09:06 - 2013-10-11 22:28 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 09:06 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-05 09:06 - 1997-07-11 00:00 - 00022701 ____H C:\Windows\system32\FFASTLOG.TXT
2016-09-03 14:43 - 2016-04-03 23:32 - 00016444 _____ C:\Users\Chris\Documents\PDF_Log.txt
2016-09-03 01:36 - 2009-07-14 00:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-03 00:33 - 2013-11-17 23:41 - 00000000 ____D C:\Users\Chris\Documents\My Scans
2016-09-02 22:48 - 2013-11-03 15:00 - 00000000 ____D C:\Users\Chris\AppData\Local\CutePDF Writer
2016-09-02 19:30 - 2013-10-22 18:58 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2016-08-31 22:42 - 2015-09-22 01:33 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-08-31 22:39 - 2013-10-24 14:36 - 00000749 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-31 22:39 - 2013-10-24 14:36 - 00000749 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-31 22:39 - 2013-10-11 20:27 - 00001164 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-31 22:39 - 2009-07-13 22:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-30 13:17 - 2009-07-13 22:04 - 00453324 ____R C:\Windows\system32\Drivers\etc\hosts.20160831-123042.backup
2016-08-27 11:07 - 2013-10-24 14:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-08-24 12:30 - 2009-07-13 22:04 - 00453324 ____R C:\Windows\system32\Drivers\etc\hosts.20160830-131752.backup
2016-08-20 15:35 - 2014-02-01 01:20 - 00000000 ____D C:\Users\Chris\AppData\Roaming\HpUpdate
2016-08-19 08:00 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2016-08-17 12:30 - 2009-07-13 22:04 - 00453324 ____R C:\Windows\system32\Drivers\etc\hosts.20160824-123043.backup
2016-08-10 16:13 - 2009-07-14 00:33 - 00545640 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 16:04 - 2013-10-12 16:40 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 16:01 - 2013-10-12 16:40 - 144884648 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 12:30 - 2009-07-13 22:04 - 00453324 ____R C:\Windows\system32\Drivers\etc\hosts.20160817-123042.backup
==================== Files in the root of some directories =======
2015-08-01 10:23 - 2015-08-01 10:23 - 0000059 _____ () C:\Users\Chris\AppData\Roaming\StringRegExpGUIPattern.dat
2013-11-17 23:27 - 2013-11-17 23:27 - 0000093 _____ () C:\Users\Chris\AppData\Local\fusioncache.dat
2013-10-23 09:20 - 2015-09-19 10:24 - 0007607 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg
2013-11-17 22:48 - 2015-05-25 11:35 - 0001453 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\libeay32.dll
C:\Users\Chris\AppData\Local\Temp\msvcr120.dll
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-05 10:04
==================== End of FRST.txt ============================