
Boot script modified, please contact your vendor


  • This topic is locked
2 replies to this topic

#1 hockeymidget8


Posted 22 December 2015 - 02:10 PM

Hello.

This is a continuation of the following thread from the "Am I Infected" forum:

http://www.bleepingcomputer.com/forums/t/598870/boot-script-modified-please-contact-your-vendor/

I am still getting detected files messages from my antivirus programs whenever I start my computer.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Kyle (administrator) on KYLE (22-12-2015 13:49:36)
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available Profiles: Kyle)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
(Dropbox, Inc.) C:\Users\Kyle\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe
(wifimouse.necta.us) C:\Program Files (x86)\MouseServer\MouseServer.exe
(Pushbullet inc) C:\Program Files (x86)\Pushbullet\pushbullet.exe
(Dropbox, Inc.) C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe
(EldoS Corporation) C:\Program Files (x86)\SFTP Net Drive\SftpNetDrive.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Pushbullet Inc) C:\Users\Kyle\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Spotify Ltd) C:\Users\Kyle\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Gibson Ridge Software) C:\Program Files (x86)\GRLevelX\GRLevel3_2\grlevel3.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Deluge Team) C:\Program Files (x86)\Deluge\deluge.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\Kyle\Downloads\SecurityCheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Joyent, Inc) C:\Windows\Prey\versions\1.5.0\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.5.0\node_modules\triggers\bin\lightevt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-09-04] (Synaptics Incorporated)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-06-16] ()
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2538328 2015-05-24] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [Spotify Web Helper] => C:\Users\Kyle\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-13] (Spotify Ltd)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe [1517736 2014-11-08] (SPEEDbit)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [Dropbox Update] => C:\Users\Kyle\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [Google Update] => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [244224 2015-07-28] (wifimouse.necta.us)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [Spotify] => C:\Users\Kyle\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-13] (Spotify Ltd)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\Run: [GoogleChromeAutoLaunch_4D99E0C0654F17BEAD4FE562E57A92D1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [799560 2015-12-11] (Google Inc.)
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\...\MountPoints2: {375faef0-342c-11e5-bf0d-a0481ccfb1be} - "E:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll No File
ShellIconOverlayIdentifiers: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll No File
ShellIconOverlayIdentifiers-x32: [01InsyncSynced] -> {79168b3f-9ed7-4209-a2ef-835c56a4c0dc} =>  No File
ShellIconOverlayIdentifiers-x32: [02InsyncSyncing] -> {8896d747-f2a9-4527-928d-df152fdf73d7} =>  No File
ShellIconOverlayIdentifiers-x32: [03InsyncError] -> {06E10739-B8D0-41A4-B4A1-A9A4220003B2} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SFTP Net Drive Free.lnk [2015-01-17]
ShortcutTarget: SFTP Net Drive Free.lnk -> C:\Program Files (x86)\SFTP Net Drive\SftpNetDrive.exe (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 10 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Hosts: 127.0.0.1 nlsk.neulion.com
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{0A9A606E-FB27-4874-8CEE-A0A7CCD977B1}: [DhcpNameServer] 129.82.103.78 129.82.103.91
Tcpip\..\Interfaces\{513567c3-b0bc-4b40-8d21-4d2768b8a1e2}: [DhcpNameServer] 66.1.32.132 66.1.36.132
Tcpip\..\Interfaces\{6d8dd44a-b54f-4d3e-b5b2-28304bfcd113}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c424e80f-9ebc-4a96-8c34-feb70dd32608}: [NameServer] 208.67.222.222,75.75.76.76
Tcpip\..\Interfaces\{c424e80f-9ebc-4a96-8c34-feb70dd32608}: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-827596808-4003253821-3032749543-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-827596808-4003253821-3032749543-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-827596808-4003253821-3032749543-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\ndlrwz8b.default
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2012-07-18] (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-827596808-4003253821-3032749543-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-827596808-4003253821-3032749543-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kyle\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-827596808-4003253821-3032749543-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-30] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kyle\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-19] (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.engin.umich.edu/caen","hxxp://www.umich.edu/~sites/ccs"
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Cast) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-17]
CHR Extension: (Adblock Plus) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-27]
CHR Extension: (Pushbullet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-12-19]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-12-22]
CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2015-12-19]
CHR Extension: (Google Calendar) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
CHR Extension: (Tools for Google Maps™) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljpanecjjlonmoiofelcmkkpojcalcb [2015-11-27]
CHR Extension: (Google Sheets) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Shield For Chrome ) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gceighgadbamgchioaofojlblndjcggh [2014-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (TeX for Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnmclkoadjdljnfmbnnhaahilafoeji [2015-10-20]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-10-14]
CHR Extension: (Wolfram Alpha (Official)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2014-01-06]
CHR Extension: (Dropbox) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-30]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-02-19]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2015-08-07]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Google Maps) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-20]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-10-05]
CHR Extension: (Boomerang for Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2015-08-11]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-04-23]
CHR Extension: (AdSweep) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\milkhonmecplandlkfbjplfbdenjlkmp [2013-12-30]
CHR Extension: (Google Hangouts) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Better History) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2015-12-19]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-11-27]
CHR Extension: (LongURL) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldnehmjgfcannmkgkojafngdkhfkdpd [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKU\S-1-5-21-827596808-4003253821-3032749543-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-08-07] (Microsoft Corporation)
R2 CronService; c:\WINDOWS\Prey\wpxsvc.exe [611854 2015-10-13] (Fork, Ltd.) [File not signed]
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-06-16] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [298152 2014-11-08] (SPEEDbit)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-07-31] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [533208 2015-08-19] (VMware, Inc.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cbfs4-0; C:\Program Files (x86)\SFTP Net Drive\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows ® Win 7 DDK provider)
S1 gcquhnen; C:\WINDOWS\system32\drivers\gcquhnen.sys [55168 2015-12-20] (Microsoft Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-12-16] (Juniper Networks)
S4 jnprTdi_8011_56747; C:\WINDOWS\system32\Drivers\jnprTdi_8011_56747.sys [108344 2015-05-24] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\drivers\jnprva.sys [30072 2014-12-16] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\drivers\jnprvamgr.sys [45352 2014-12-16] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [42184 2015-09-04] (Synaptics Incorporated)
R3 tapklink; C:\Windows\System32\drivers\tapklink.sys [31232 2011-10-23] (Faveset LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-22 13:49 - 2015-12-22 13:51 - 00041633 _____ C:\Users\Kyle\Downloads\FRST.txt
2015-12-22 13:49 - 2015-12-22 13:49 - 00000000 ____D C:\FRST
2015-12-22 13:48 - 2015-12-22 13:48 - 02370560 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
2015-12-22 13:32 - 2015-12-22 13:34 - 00000000 ____D C:\Users\Kyle\Downloads\Wayward.Pines.Season.1.720p.WEB.HD.x265.ShAaNiG
2015-12-22 13:31 - 2015-12-22 13:52 - 00000000 ____D C:\Users\Kyle\Downloads\Orange Is The New Black Season 1 Complete 480p HDTV x264 [Multi-Sub] [DexzAery]
2015-12-22 13:31 - 2015-12-22 13:47 - 00000000 ____D C:\Users\Kyle\Downloads\Gotham Season 1 HDTV.XviD[Pawulon]
2015-12-22 13:28 - 2015-12-22 13:28 - 00016148 _____ C:\WINDOWS\system32\KYLE_Kyle_HistoryPrediction.bin
2015-12-22 11:30 - 2015-12-22 13:34 - 00000000 ____D C:\Users\Kyle\Downloads\Fargo.S01.720p.HDTV.x264.ShAaNiG
2015-12-22 11:29 - 2015-12-22 11:29 - 00024639 _____ C:\Users\Kyle\Downloads\[kat.cr]fargo.season.1.720p.hdtv.x264.shaanig.torrent
2015-12-22 11:27 - 2015-12-22 11:27 - 00019216 _____ C:\Users\Kyle\Downloads\[kat.cr]wayward.pines.season.1.720p.web.hd.x265.hevc.shaanig.torrent
2015-12-22 11:18 - 2015-12-22 11:18 - 00852720 _____ C:\Users\Kyle\Downloads\SecurityCheck.exe
2015-12-22 11:17 - 2015-12-22 11:17 - 00891392 _____ (Farbar) C:\Users\Kyle\Downloads\MiniToolBox (1).exe
2015-12-22 11:15 - 2015-12-22 11:15 - 00012382 _____ C:\Users\Kyle\Downloads\[kat.cr]bobs.burgers.the.complete.season.2.720p.torrent
2015-12-21 17:00 - 2015-12-21 17:00 - 00768885 _____ C:\Users\Kyle\Downloads\Fall2015FinalReport.pdf
2015-12-20 15:04 - 2015-12-20 15:04 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gcquhnen.sys
2015-12-19 13:05 - 2015-12-19 13:05 - 00016899 _____ C:\Users\Kyle\Downloads\Copy of StudentHousingList_2016 (1).xlsx
2015-12-19 13:04 - 2015-12-19 13:04 - 00016095 _____ C:\Users\Kyle\Downloads\2016EmbassySuitesconfirmed (1).xlsx
2015-12-19 13:03 - 2015-12-19 13:03 - 00016899 _____ C:\Users\Kyle\Downloads\Copy of StudentHousingList_2016.xlsx
2015-12-19 13:03 - 2015-12-19 13:03 - 00016095 _____ C:\Users\Kyle\Downloads\2016EmbassySuitesconfirmed.xlsx
2015-12-19 12:46 - 2015-12-19 12:46 - 05111240 _____ (Piriform Ltd) C:\Users\Kyle\Downloads\spsetup129.exe
2015-12-19 12:46 - 2015-12-19 12:46 - 00000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-12-19 12:46 - 2015-12-19 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-12-19 12:46 - 2015-12-19 12:46 - 00000000 ____D C:\Program Files\Speccy
2015-12-19 12:35 - 2015-12-19 12:35 - 00002517 _____ C:\Users\Kyle\Desktop\JRT.txt
2015-12-19 12:21 - 2015-12-19 12:21 - 01599336 _____ (Malwarebytes) C:\Users\Kyle\Downloads\JRT.exe
2015-12-19 11:50 - 2015-12-19 11:50 - 00000000 ____D C:\Users\Public\Documents\SPEEDbit
2015-12-19 11:14 - 2015-12-19 11:47 - 00000000 ____D C:\AdwCleaner
2015-12-18 17:21 - 2015-12-18 17:21 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKyle.job
2015-12-18 11:35 - 2015-12-19 11:14 - 01740288 _____ C:\Users\Kyle\Downloads\AdwCleaner.exe
2015-12-18 11:33 - 2015-12-19 11:08 - 00000000 ____D C:\KVRT_Data
2015-12-18 11:30 - 2015-12-18 11:33 - 94839624 _____ (Kaspersky Lab ZAO) C:\Users\Kyle\Downloads\KVRT.exe
2015-12-18 11:26 - 2015-12-18 11:26 - 00000000 ___HD C:\OneDriveTemp
2015-12-17 11:59 - 2015-12-17 11:59 - 00002776 _____ C:\Users\Kyle\Downloads\FSS.txt
2015-12-17 11:58 - 2015-12-17 11:58 - 00415744 _____ (Farbar) C:\Users\Kyle\Downloads\FSS (1).exe
2015-12-17 10:27 - 2015-12-17 10:27 - 00415744 _____ (Farbar) C:\Users\Kyle\Downloads\FSS.exe
2015-12-16 19:55 - 2015-12-16 19:55 - 00016602 _____ C:\Users\Kyle\Downloads\[kat.cr]unbreakable.kimmy.schmidt.s01.season.1.webrip.480p.x264.aac.e.subs.gwc.torrent
2015-12-15 17:53 - 2015-12-15 17:54 - 09389088 _____ C:\Users\Kyle\Downloads\L7-Propositional+Inference (2).pdf
2015-12-14 17:36 - 2015-12-14 17:36 - 06071658 _____ C:\Users\Kyle\Downloads\SLS14_TornadoWall_Poster.pdf
2015-12-13 17:58 - 2015-12-13 17:58 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\GRLevelX
2015-12-13 17:57 - 2015-12-13 17:57 - 03748984 _____ ( ) C:\Users\Kyle\Downloads\gr2analyst_2_update_hi_dpi.exe
2015-12-13 14:51 - 2015-12-13 14:51 - 04468224 _____ C:\Users\Kyle\Downloads\AOSS380++Lecture15 (1).ppt
2015-12-13 13:27 - 2015-12-13 13:27 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Kyle\Downloads\iExplore.exe
2015-12-13 13:23 - 2015-12-13 13:30 - 00002864 _____ C:\Users\Kyle\Desktop\Rkill.txt
2015-12-13 13:23 - 2015-12-13 13:23 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Kyle\Downloads\rkill.exe
2015-12-13 13:23 - 2015-12-13 13:23 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Kyle\Downloads\rkill64.exe
2015-12-13 13:23 - 2015-12-13 13:23 - 00000000 ____D C:\Users\Kyle\Desktop\rkill
2015-12-13 13:22 - 2015-12-22 11:18 - 00040731 _____ C:\Users\Kyle\Downloads\MTB.txt
2015-12-13 13:21 - 2015-12-13 13:22 - 00891392 _____ (Farbar) C:\Users\Kyle\Downloads\MiniToolBox.exe
2015-12-13 13:19 - 2015-12-13 13:19 - 16469504 _____ C:\Users\Kyle\Downloads\AOSS380+Lecture16.ppt
2015-12-13 13:19 - 2015-12-13 13:19 - 04468224 _____ C:\Users\Kyle\Downloads\AOSS380++Lecture15.ppt
2015-12-11 20:23 - 2015-12-11 20:23 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 18:59 - 2015-12-11 18:59 - 00071324 _____ C:\Users\Kyle\Downloads\CSUAppUpdateForm.pdf
2015-12-11 18:58 - 2015-12-11 18:58 - 00071324 _____ C:\Users\Kyle\Downloads\CSUAppUpdateForm.2.pdf
2015-12-11 18:58 - 2015-12-11 18:58 - 00034752 _____ C:\Users\Kyle\Downloads\CSUAppUpdateForm.1.pdf
2015-12-11 18:41 - 2015-12-11 18:41 - 00077835 _____ C:\Users\Kyle\Downloads\GS1C.pdf
2015-12-10 18:27 - 2015-12-22 13:33 - 00000000 ____D C:\Users\Kyle\Downloads\Marvels.Jessica.Jones.Season.1.720p.WEBRiP.x265.ShAaNiG
2015-12-10 18:23 - 2015-12-10 18:23 - 00017728 _____ C:\Users\Kyle\Downloads\[kat.cr]marvels.jessica.jones.full.season.1.720p.webrip.x265.hevc.shaanig.torrent
2015-12-10 14:07 - 2015-12-20 14:49 - 00000000 ____D C:\Users\Kyle\AppData\Local\Pushbullet
2015-12-10 14:07 - 2015-12-10 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pushbullet
2015-12-10 14:07 - 2015-12-10 14:07 - 00000000 ____D C:\Program Files (x86)\Pushbullet
2015-12-10 14:06 - 2015-12-10 14:06 - 01737872 _____ (Pushbullet Inc ) C:\Users\Kyle\Downloads\pushbullet_installer.exe
2015-12-09 22:02 - 2015-12-09 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2016a
2015-12-09 22:00 - 2015-12-22 13:10 - 00000554 _____ C:\WINDOWS\Tasks\MATLAB R2016a Startup Accelerator.job
2015-12-09 22:00 - 2015-12-09 22:00 - 00003824 _____ C:\WINDOWS\System32\Tasks\MATLAB R2016a Startup Accelerator
2015-12-09 11:09 - 2015-12-09 11:10 - 00000000 ____D C:\Users\Kyle\Downloads\_temp_matlab_R2016a_Prerelease_win64
2015-12-09 11:08 - 2015-12-09 11:09 - 99272984 _____ C:\Users\Kyle\Downloads\matlab_R2016a_Prerelease_win64.exe
2015-12-08 18:18 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 18:18 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-08 18:18 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-08 18:18 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-08 18:18 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-08 18:18 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-08 18:18 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-08 18:18 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 18:18 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 18:18 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 18:18 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-08 18:18 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 18:18 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-08 18:18 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 18:18 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 18:18 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 18:18 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-08 18:18 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 18:18 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-08 18:18 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-08 18:18 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-08 18:18 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-08 18:18 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-08 18:18 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 18:18 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 18:18 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 18:18 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-08 18:18 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-08 18:18 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-08 18:18 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-08 18:18 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 18:18 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-08 18:18 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-08 18:18 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 18:18 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-08 18:18 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 18:18 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-08 18:18 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 18:18 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 18:18 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-08 18:18 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-08 18:18 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 18:18 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-08 18:18 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-08 18:18 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 18:18 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 18:18 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 18:18 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 18:18 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 18:18 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-08 18:18 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 18:18 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 18:18 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 18:18 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 18:18 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-08 18:18 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-08 18:18 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 18:18 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-08 18:18 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-08 18:18 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-08 18:18 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 18:18 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-08 18:18 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 18:18 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 18:18 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 18:18 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 18:18 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-08 18:18 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-08 18:18 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 18:18 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 18:18 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-08 18:18 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 18:18 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 18:18 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 18:18 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 18:18 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 18:18 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 18:18 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 18:17 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 18:17 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-06 15:43 - 2015-12-06 15:43 - 01404107 _____ C:\Users\Kyle\Downloads\Frames.zip
2015-12-02 18:41 - 2015-12-02 18:43 - 125177965 _____ C:\Users\Kyle\Downloads\The White Panda - The Pawprint.zip
2015-12-02 17:50 - 2015-12-02 17:50 - 00001491 _____ C:\Users\Kyle\Downloads\Q2-1.m
2015-12-02 04:05 - 2015-12-02 04:05 - 00000862 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-827596808-4003253821-3032749543-1002Core1d12ce08714582d.job
2015-12-01 15:09 - 2015-12-01 15:09 - 00897390 _____ C:\Users\Kyle\Downloads\Schneider_1992.pdf
2015-12-01 14:58 - 2015-12-01 14:58 - 00017239 _____ C:\Users\Kyle\Downloads\Course Project Topics and Times.pdf
2015-12-01 14:49 - 2015-12-01 14:49 - 00271576 _____ C:\WINDOWS\Minidump\120115-56375-01.dmp
2015-11-30 13:51 - 2015-11-30 13:51 - 00097892 _____ C:\Users\Kyle\Downloads\syllabus (1).pdf
2015-11-23 18:17 - 2015-11-23 18:17 - 06559760 _____ C:\Users\Kyle\Downloads\lec10.pdf
2015-11-23 18:17 - 2015-11-23 18:17 - 04929015 _____ C:\Users\Kyle\Downloads\lec11.pdf
2015-11-23 11:56 - 2015-12-15 12:02 - 00000000 ____D C:\ProgramData\TEMP
2015-11-22 23:08 - 2015-11-22 23:08 - 02382736 _____ ( ) C:\Users\Kyle\Downloads\grlevel3_2_update (4).exe
2015-11-22 14:51 - 2015-11-22 14:51 - 00000000 ____D C:\Users\Kyle\.pdfsam
2015-11-22 14:38 - 2015-11-22 14:38 - 00554573 _____ C:\Users\Kyle\Downloads\Artificial Intelligence A Modern Approach 3rd Edition-645-684.pdf
2015-11-22 14:37 - 2015-11-22 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
2015-11-22 14:37 - 2015-11-22 14:37 - 00000000 ____D C:\Program Files (x86)\PDF Split And Merge Basic
2015-11-22 14:34 - 2015-11-22 14:34 - 16407552 _____ C:\Users\Kyle\Downloads\pdfsam-v2_2_4.msi
2015-11-22 10:46 - 2015-11-22 10:46 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-11-22 10:45 - 2015-11-22 10:46 - 00000000 ____D C:\ProgramData\EPSON
2015-11-22 10:45 - 2015-11-22 10:45 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMHWA.DLL
2015-11-22 10:45 - 2015-11-22 10:45 - 00083456 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BHWA.DLL
2015-11-22 10:45 - 2015-11-22 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-22 13:49 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-22 13:27 - 2014-11-13 21:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfffb1e5df2574.job
2015-12-22 13:22 - 2013-12-30 14:46 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-22 13:15 - 2015-10-13 17:23 - 00000000 ____D C:\WINDOWS\Prey
2015-12-22 13:11 - 2015-02-03 15:15 - 00000554 _____ C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job
2015-12-22 13:10 - 2015-09-09 20:34 - 00000554 _____ C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job
2015-12-22 13:09 - 2014-10-10 20:09 - 00000554 _____ C:\WINDOWS\Tasks\MATLAB R2014b Startup Accelerator.job
2015-12-22 13:09 - 2014-01-12 21:56 - 00000554 _____ C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2015-12-22 12:59 - 2014-06-08 13:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-22 12:52 - 2014-10-07 21:43 - 00000000 ____D C:\Program Files (x86)\Hp
2015-12-22 12:52 - 2012-08-03 19:02 - 00000000 ____D C:\SWSetup
2015-12-22 12:23 - 2015-08-07 01:21 - 00968010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-22 12:23 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-22 12:21 - 2015-06-07 01:08 - 00000000 ____D C:\Users\Kyle\AppData\Local\CrashDumps
2015-12-22 12:21 - 2014-05-26 21:24 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\vlc
2015-12-22 12:19 - 2015-08-24 12:31 - 00000000 ____D C:\Users\Kyle\Documents\TV
2015-12-22 11:20 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-22 11:20 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-22 01:20 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-22 01:19 - 2014-08-31 14:11 - 00000000 ____D C:\Users\Kyle\AppData\Local\Spotify
2015-12-22 01:14 - 2014-08-31 14:10 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Spotify
2015-12-21 12:17 - 2013-12-30 17:02 - 00000000 ____D C:\Users\Kyle\AppData\Local\GRLevel3_2
2015-12-20 15:05 - 2014-01-24 18:21 - 00000000 ____D C:\Users\Kyle\Documents\Youcam
2015-12-20 15:04 - 2014-11-02 18:16 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-12-20 14:54 - 2014-01-25 18:23 - 00000000 ___RD C:\Users\Kyle\Dropbox
2015-12-20 14:53 - 2014-01-25 18:18 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Dropbox
2015-12-20 14:53 - 2014-01-02 12:35 - 00000000 __RDO C:\Users\Kyle\SkyDrive
2015-12-20 14:52 - 2013-12-30 16:07 - 00000000 ___RD C:\Users\Kyle\Google Drive
2015-12-20 14:49 - 2013-12-30 14:46 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-20 14:48 - 2014-11-13 21:22 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfffb1e2d3edd4.job
2015-12-20 14:47 - 2015-08-07 01:23 - 00000000 ____D C:\Users\Kyle
2015-12-20 14:45 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-20 12:12 - 2013-12-30 14:39 - 00000000 ____D C:\Users\Kyle\AppData\Local\Packages
2015-12-19 14:29 - 2014-11-21 19:49 - 00000000 ____D C:\Users\Kyle\Downloads\PopcornTime
2015-12-19 11:49 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-19 11:49 - 2014-12-29 18:11 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-12-19 11:05 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-18 11:24 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-18 04:56 - 2015-08-07 05:14 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-18 04:47 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Registration
2015-12-18 04:45 - 2014-01-02 00:46 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2015-12-18 04:45 - 2014-01-02 00:46 - 00036198 _____ C:\WINDOWS\diagerr.xml
2015-12-16 19:59 - 2015-08-24 14:10 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\deluge
2015-12-16 15:24 - 2013-12-30 14:47 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 16:46 - 2014-10-01 19:31 - 00000600 _____ C:\Users\Kyle\AppData\Roaming\winscp.rnd
2015-12-15 12:01 - 2014-05-15 20:20 - 00000000 ____D C:\Users\Kyle\AppData\Local\GR2Analyst_2
2015-12-13 14:38 - 2015-08-07 10:14 - 00002402 _____ C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-12 12:35 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 14:50 - 2015-02-07 15:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-11 14:49 - 2014-12-23 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-11 14:49 - 2014-12-23 09:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-11 14:49 - 2014-01-22 20:16 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-11 14:32 - 2015-07-10 07:20 - 00381104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 10:26 - 2015-01-14 10:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 10:26 - 2015-01-14 10:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 05:14 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-11 05:10 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-10 15:41 - 2014-01-04 14:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 15:40 - 2014-11-02 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-10 15:24 - 2015-01-14 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 15:18 - 2013-12-31 23:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-10 14:52 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-10 14:52 - 2013-12-31 23:16 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 22:00 - 2014-10-10 20:10 - 00000000 ____D C:\ProgramData\MathWorks
2015-12-09 11:12 - 2014-01-12 20:51 - 00000000 ____D C:\Users\Kyle\Downloads\MathWorks
2015-12-09 11:12 - 2014-01-12 20:51 - 00000000 ____D C:\Program Files\MATLAB
2015-12-08 22:39 - 2015-08-18 12:28 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-02 21:55 - 2014-01-16 15:29 - 00000600 _____ C:\Users\Kyle\AppData\Local\PUTTY.RND
2015-12-02 18:33 - 2014-10-19 12:07 - 00000000 ____D C:\Users\Kyle\Documents\MATLAB
2015-12-02 04:22 - 2014-11-13 21:22 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cfffb1e5df2574
2015-12-02 04:22 - 2014-11-13 21:22 - 00003772 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cfffb1e2d3edd4
2015-12-02 04:05 - 2015-09-17 16:26 - 00000862 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-827596808-4003253821-3032749543-1002Core1d0f18f8aed33ab.job
2015-12-01 14:49 - 2015-10-17 22:20 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-01 14:48 - 2014-01-24 10:36 - 167306080 _____ C:\WINDOWS\MEMORY.DMP
2015-11-30 19:32 - 2015-10-04 02:38 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 19:32 - 2015-10-04 02:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 19:21 - 2015-11-13 12:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 21:24 - 2013-12-30 15:34 - 00002122 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-11-25 21:24 - 2013-12-30 15:34 - 00002120 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-11-25 21:24 - 2013-12-30 15:34 - 00002110 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-11-25 21:24 - 2013-12-30 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-22 23:58 - 2014-03-22 14:12 - 00000259 _____ C:\Users\Kyle\AppData\Local\kclientgui.ini
2015-11-22 22:38 - 2013-12-30 16:55 - 00000000 ____D C:\Program Files (x86)\GRLevelX
 
==================== Files in the root of some directories =======
 
2015-03-04 18:08 - 2015-10-14 20:44 - 0000600 _____ () C:\Users\Kyle\AppData\Roaming\PUTTY.RND
2014-10-01 19:31 - 2015-12-15 16:46 - 0000600 _____ () C:\Users\Kyle\AppData\Roaming\winscp.rnd
2014-03-22 14:12 - 2015-11-22 23:58 - 0000259 _____ () C:\Users\Kyle\AppData\Local\kclientgui.ini
2014-01-16 15:29 - 2015-12-02 21:55 - 0000600 _____ () C:\Users\Kyle\AppData\Local\PUTTY.RND
2015-11-12 14:48 - 2015-11-12 14:48 - 0001650 _____ () C:\Users\Kyle\AppData\Local\recently-used.xbel
 
Files to move or delete:
====================
C:\Users\Kyle\flight.js
 
 
Some files in TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljpkfp.dll
C:\Users\Kyle\AppData\Local\Temp\Extract.exe
C:\Users\Kyle\AppData\Local\Temp\SP71716.exe
C:\Users\Kyle\AppData\Local\Temp\SP71811.exe
C:\Users\Kyle\AppData\Local\Temp\SP71829.exe
C:\Users\Kyle\AppData\Local\Temp\SP73232.exe
C:\Users\Kyle\AppData\Local\Temp\SP73248.exe
C:\Users\Kyle\AppData\Local\Temp\sqlite3.dll
C:\Users\Kyle\AppData\Local\Temp\update.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 02:54
 
==================== End of FRST.txt ============================
 
 
 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 AM

Posted 23 December 2015 - 02:32 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
ShellIconOverlayIdentifiers: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll No File
ShellIconOverlayIdentifiers: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll No File
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => C:\Program Files (x86)\ExpanDrive\ExpanDriveOverlays.x64.dll No File
ShellIconOverlayIdentifiers-x32: [01InsyncSynced] -> {79168b3f-9ed7-4209-a2ef-835c56a4c0dc} =>  No File
ShellIconOverlayIdentifiers-x32: [02InsyncSyncing] -> {8896d747-f2a9-4527-928d-df152fdf73d7} =>  No File
ShellIconOverlayIdentifiers-x32: [03InsyncError] -> {06E10739-B8D0-41A4-B4A1-A9A4220003B2} =>  No File
Toolbar: HKU\S-1-5-21-827596808-4003253821-3032749543-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S1 gcquhnen; C:\WINDOWS\system32\drivers\gcquhnen.sys [55168 2015-12-20] (Microsoft Corporation)
C:\Program Files (x86)\Popcorn Time
C:\WINDOWS\system32\drivers\gcquhnen.sys

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log for my review.

I also need to see the Addition.txt file that was created by the Farbar tool.
Please post it.

How is the computer running now?

#3 nasdaq

Posted 28 December 2015 - 11:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



