ESET SS9 reporting strange ICMP ping content


21 replies to this topic

#1 Protopia


Posted 23 June 2016 - 01:34 PM

Mod Edit: Moved to Malware Removal Logs ~~ boopme

ESET is telling me that some process is sending ICMP Ping packets with non-standard payload and that this is a sign of malware.

But I can't find anything odd - and as you will see from the HJT log below, I am somewhat paranoid about security - so perhaps someone else might be able to find something pls.
 
HJT
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:09:32, on 23/06/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18347)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Evernote\EvernoteClipper.exe
C:\ProgramData\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe
C:\Users\Paul\AppData\Local\Pushbullet\bin\pushbullet_client.exe
C:\Users\Paul\AppData\Local\Temp\pushbullet_watchdog.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Shareaza\Shareaza.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\qBittorrent\qbittorrent.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Windows\SysWOW64\notepad.exe
C:\Temp\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ITSecMng] "%ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" /START
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [adm_tray.exe] "C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [NetworkIndicator] C:\Program Files\NetworkIndicator\NetworkIndicator.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [NetDrive] "C:\Program Files (x86)\NetDrive\netdrive.exe" -tray
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Pushbullet] "C:\Program Files (x86)\Pushbullet\pushbullet.exe" -show false
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [KiesPDLR.exe] C:\Users\Paul\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleContactSync] "C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files (x86)\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [qBittorrent] "C:\Program Files (x86)\qBittorrent\qbittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\EvernoteClipper.exe
O4 - Startup: MEGAsync.lnk = C:\ProgramData\MEGAsync\MEGAsync.exe
O4 - Global Startup: Activity Indicator 1-C.lnk = C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe
O4 - Global Startup: Activity Indicator 2-D.lnk = C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O4 - Global Startup: Task Manager.lnk = C:\Windows\System32\taskmgr.exe
O4 - Global Startup: What's my computer doing.lnk = C:\Program Files (x86)\What's my computer doing\WhatsMyComputerDoing.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: http://www.eastdevonalliance.org.uk
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1438848534630
O17 - HKLM\System\CCS\Services\Tcpip\..\{A52F1C01-1082-4FCA-8AD5-301EEF2E9AAD}: NameServer = 212.159.13.49,212.159.6.9,212.159.13.50,212.159.6.10,8.8.8.8,8.8.4.4,209.244.0.3,209.244.0.4,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{F56438CC-4E56-4191-B64B-1EF2A041844F}: NameServer = 212.159.13.49,212.159.6.9,212.159.13.50,212.159.6.10,8.8.8.8,8.8.4.4,209.244.0.3,209.244.0.4,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - AppInit_DLLs: prio32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kiwi Syslog Server - Kiwi Enterprises - C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: lmab_device -   - C:\Windows\system32\LMabcoms.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NetDrive Service (ndsvc) - Bdrive Inc. - C:\Program Files (x86)\NetDrive\ndsvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Program Files\Prio\prio_svc.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Samsung Electronics Co.,Ltd - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - Unknown owner - C:\Users\Paul\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: ToolTipFixer - NeoSmart Technologies - C:\Program Files (x86)\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 20890 bytes
 
Thanks.
 
Paul

Edited by boopme, 23 June 2016 - 01:51 PM.




#2 nasdaq

  • Malware Response Team

Posted 25 June 2016 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

===

p.s.
HijackThis is no longer supported.
I suggest you remove it via the Control panel > Programs > Programs and Features Applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 nasdaq

  • Malware Response Team

Posted 02 July 2016 - 08:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

  • Malware Response Team

Posted 31 July 2016 - 10:37 AM

This topic has been re-opened at the request of the person who originally posted.

#5 Protopia

  • Topic Starter

Posted 31 July 2016 - 11:08 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31/07/2016
Scan Time: 3:34pm
Logfile: malwarebytes log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.07.31.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Paul
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388785
Time Elapsed: 1 hr, 0 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

# AdwCleaner v5.201 - Logfile created 31/07/2016 at 15:33:29
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-31.2 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : Paul - C850D
# Running from : C:\Temp\adwcleaner_5.201.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [606 bytes] - [31/07/2016 15:33:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [678 bytes] ##########


#6 Protopia

  • Topic Starter

Posted 31 July 2016 - 11:12 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016

Ran by Paul (administrator) on C850D (31-07-2016 15:57:08)

Running from C:\Temp

Loaded Profiles: Paul &  (Available Profiles: Paul & Administrator)

Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

() C:\Windows\System32\GFNEXSrv.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

(NeoSmart Technologies) C:\Program Files (x86)\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

( SolarWinds Inc) C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(Bdrive Inc.) C:\Program Files (x86)\NetDrive\ndsvc.exe

(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(SoftPerfect Research) C:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe

(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe

(ITSamples.com) C:\Program Files\NetworkIndicator\NetworkIndicator.exe

(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe

(Bdrive Inc.) C:\Program Files (x86)\NetDrive\netdrive.exe

( ) C:\Program Files\Lexmark\ErrorApp\lmab1err.exe

(Google Inc.) C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R) C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe

(Shareaza Development Team) C:\Program Files (x86)\Shareaza\Shareaza.exe

() C:\Program Files (x86)\qBittorrent\qbittorrent.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(Limbo Software Solutions) C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe

(Limbo Software Solutions) C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe

(Intuit Limited.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Intuit Limited.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE

(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Dropbox, Inc.) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\EvernoteClipper.exe

(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(Pushbullet Inc) C:\Users\Paul\AppData\Local\Pushbullet\bin\pushbullet_client.exe

(Pushbullet Inc) C:\Users\Paul\AppData\Local\Temp\pushbullet_watchdog.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

( ) C:\Windows\System32\lmabcoms.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe\HxTsr.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)

HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)

HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [5850320 2015-02-04] (SoftPerfect Research)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [615144 2016-03-09] (Samsung Electronics Co.,Ltd)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-05-23] (Raptr, Inc)

HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)

HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY

HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)

HKLM\...\Policies\Explorer: [NoThumbnailCache] 1

HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1

HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0

HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator\NetworkIndicator.exe [367616 2014-12-13] (ITSamples.com)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [NetDrive] => C:\Program Files (x86)\NetDrive\netdrive.exe [3587072 2013-02-25] (Bdrive Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-08-03] ( )

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Dropbox Update] => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Google Update] => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [MusicManager] => C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [GoogleContactSync] => C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe [2094592 2015-11-01] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Shareaza] => C:\Program Files (x86)\Shareaza\Shareaza.exe [4988416 2015-10-04] (Shareaza Development Team)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15855104 2016-07-20] ()

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [DisableThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoPreviewPane] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoWinkeys] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [HideSCANetwork] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [HideSCAVolume] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\MountPoints2: {00777c23-cd80-11e4-8b8d-806e6f6e6963} - "R:\Setup.exe" 

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\MountPoints2: {63f52434-4cfa-11e6-ba1e-4c72b96f3c36} - "E:\setup.exe" 

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator\NetworkIndicator.exe [367616 2014-12-13] (ITSamples.com)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetDrive] => C:\Program Files (x86)\NetDrive\netdrive.exe [3587072 2013-02-25] (Bdrive Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-08-03] ( )

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleContactSync] => C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe [2094592 2015-11-01] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Shareaza] => C:\Program Files (x86)\Shareaza\Shareaza.exe [4988416 2015-10-04] (Shareaza Development Team)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15855104 2016-07-20] ()

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoPreviewPane] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWinkeys] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCANetwork] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAVolume] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {00777c23-cd80-11e4-8b8d-806e6f6e6963} - "R:\Setup.exe" 

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {63f52434-4cfa-11e6-ba1e-4c72b96f3c36} - "E:\setup.exe" 

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)

AppInit_DLLs: prio.dll => No File

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-07-19] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-07-19] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-07-19] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-07-19] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-07-19] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-07-19] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-07-19] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-07-19] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-21] ()

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-21] ()

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-21] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-21] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-21] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-21] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activity Indicator 1-C.lnk [2015-03-13]

ShortcutTarget: Activity Indicator 1-C.lnk -> C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe (Limbo Software Solutions)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activity Indicator 2-D.lnk [2015-03-13]

ShortcutTarget: Activity Indicator 2-D.lnk -> C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe (Limbo Software Solutions)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-07-04]

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-07-04]

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Limited.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-03-20]

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Task Manager.lnk [2015-03-13]

ShortcutTarget: Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation)

Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-19]

ShortcutTarget: Dropbox.lnk -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-12-15]

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-06-28]

ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)

GroupPolicy: Restriction - Chrome <======= ATTENTION

GroupPolicyScripts: Restriction <======= ATTENTION

GroupPolicyScripts\User: Restriction <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 212.159.6.10 8.8.4.4

Tcpip\..\Interfaces\{a52f1c01-1082-4fca-8ad5-301eef2e9aad}: [NameServer] 212.159.13.49,212.159.6.9,212.159.13.50,212.159.6.10,8.8.8.8,8.8.4.4,209.244.0.3,209.244.0.4,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20

Tcpip\..\Interfaces\{a52f1c01-1082-4fca-8ad5-301eef2e9aad}: [DhcpNameServer] 212.159.6.10 8.8.4.4

Tcpip\..\Interfaces\{e0fa1de7-b27d-4089-ab33-8682cd7e2866}: [DhcpNameServer] 192.168.0.1

 

Internet Explorer:

==================

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

SearchScopes: HKU\S-1-5-21-842475166-3683424370-3109751953-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\EvernoteIE.dll [2016-03-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

IE Session Restore: HKU\S-1-5-21-842475166-3683424370-3109751953-1000 -> is enabled.

IE Session Restore: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled.

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1438848534630

Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2016-06-23] (Intuit, Inc.)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

 

FireFox:

========

FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925

FF Session Restore: -> is enabled.

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()

FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()

FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2015-12-21] ( Sanford L.P.)

FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

FF Plugin HKU\S-1-5-21-842475166-3683424370-3109751953-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin HKU\S-1-5-21-842475166-3683424370-3109751953-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Extension: EPUBReader - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-17]

FF Extension: Illuminations for Developers - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\sroussey@illumination-for-developers.com.xpi [2016-02-17]

FF Extension: Console² - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi [2016-04-28]

FF Extension: CodeBurner for Firebug - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\firebug@tools.sitepoint.com.xpi [2016-04-28]

FF Extension: CSS Reloader - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\cssreloader@kenneth.io.xpi [2016-04-28]

FF Extension: CSS Usage - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\csscoverage@spaghetticoder.org.xpi [2016-04-28]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28]

FF Extension: Disconnect - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\2.0@disconnect.me.xpi [2016-04-28]

FF Extension: NoScript - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-28]

FF Extension: BetterPrivacy - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-07-25]

FF Extension: Tab Mix Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-07-25]

FF Extension: ImTranslator - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2016-07-25]

FF Extension: ColorfulTabs - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-07-25]

FF Extension: SYSTRAN - Translator and Dictionary - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\@firefox-addons-translation.xpi [2016-06-27]

FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\elemhidehelper@adblockplus.org.xpi [2016-06-27]

FF Extension: Firebug - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\firebug@software.joehewitt.com.xpi [2016-06-27]

FF Extension: FireStorage Plus! - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\firestorageplus@nickbelhomme.com.xpi [2016-04-28]

FF Extension: English (GB) Language Pack - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2016-06-27]

FF Extension: British English Dictionary (Marco Pinto) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\marcoagpinto@mail.telepac.pt [2016-06-27]

FF Extension: Prevent Tab Overflow - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\noverflow@sdrocking.com.xpi [2016-04-28]

FF Extension: Session Manager - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-19]

FF Extension: Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]

FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-18]

 

Chrome: 

=======

CHR HomePage: Default -> about:blank

CHR DefaultSearchKeyword: Default -> t

CHR Session Restore: Default -> is enabled.

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)

CHR Plugin: (Shockwave Flash) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll ()

CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Translate) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-06-19]

CHR Extension: (Google Slides) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]

CHR Extension: (Flash Video Downloader) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-07-31]

CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]

CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-19]

CHR Extension: (Browse Queue) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjemfcjhjmbbamfdoimecdchmmmofhb [2016-06-19]

CHR Extension: (Web Developer) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-07-22]

CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]

CHR Extension: (OneTab) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-18]

CHR Extension: (uBlock Origin) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-07-02]

CHR Extension: (PHP Ninja Manual) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbhjjdhmgeibgdccjfoliooccomjcab [2016-06-19]

CHR Extension: (Tab Manager) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda [2016-07-22]

CHR Extension: (imgInfo) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppcfjomiccbijjegfcplbgcdjbhkdch [2016-06-18]

CHR Extension: (Simple Dictation) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\diondlbenfmpcapnbegmodfdgmnnpgln [2016-06-19]

CHR Extension: (Tab Remover for iGoogle Chrome) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlibebadhejgpjggjfijjgnomljihpeb [2016-06-19]

CHR Extension: (Clacks Tracker - GNU Terry Pratchett) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\doejbfelimoioogdhmkbembmbjcciepk [2016-06-19]

CHR Extension: (XV — XML Viewer) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocglpgjdpaefaedpblffpeebgmgddk [2016-06-18]

CHR Extension: (Adobe Acrobat) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-06-20]

CHR Extension: (ARC Welder) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2016-06-20]

CHR Extension: (Google Sheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]

CHR Extension: (SYSTRAN - Translator and Dictionary) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbpijldifkdlmfiadjhoekaenlabngob [2016-07-22]

CHR Extension: (HTTPS Everywhere) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-07-22]

CHR Extension: (Google Docs Offline) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-20]

CHR Extension: (AdBlock) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-31]

CHR Extension: (Google Tasks Panel) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjdflobmjpeohnoefalpjeocgpdeffo [2016-06-19]

CHR Extension: (TinEye Reverse Image Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-06-19]

CHR Extension: (Protect My Choices) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2016-07-22]

CHR Extension: (Music Player for Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2016-06-18]

CHR Extension: (Referer Control) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2016-06-19]

CHR Extension: (Appspector) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2016-06-19]

CHR Extension: (Web Developer Checklist) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahamcpedabephpcgkeikbclmaljebjp [2016-06-19]

CHR Extension: (Search the current site) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp [2016-07-02]

CHR Extension: (Speed Dial 2) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-19]

CHR Extension: (Cookie Manager) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck [2016-06-19]

CHR Extension: (Autodesk Homestyler) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-06-18]

CHR Extension: (Window Resizer) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2016-06-19]

CHR Extension: (The Great Suspender) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-06-18]

CHR Extension: (The Secret of Grisly Manor) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpaadcbfeeiehmjlfbgpafdjbeikhgff [2016-06-18]

CHR Extension: (Evernote Web) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-06-18]

CHR Extension: (gLinks) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\leanhbopikglhiejeckmchmobphcpphm [2016-06-18]

CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2016-06-18]

CHR Extension: (Lazarus: Form Recovery) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2016-06-19]

CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-06-19]

CHR Extension: (Session Manager) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2016-06-18]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-06-19]

CHR Extension: (PHP Docs-to-go) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlilmganaobieaclflbciblffhaagnip [2016-06-18]

CHR Extension: (Ghostery) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-06-19]

CHR Extension: (Google Play Books) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-06-18]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]

CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2016-06-19]

CHR Extension: (TabCloud) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2016-06-23]

CHR Extension: (Better History) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-06-18]

CHR Extension: (CSS Viewer) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\omofllbfhlganmbmnnkneakndffbgkci [2016-06-19]

CHR Extension: (SpeakIt!) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2016-06-19]

CHR Extension: (Evernote Web Clipper) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-02]

CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]

CHR Extension: (RSS Feed Reader) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-07-03]

CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Paul\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-18]

CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Paul\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-18]

CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)

S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33520 2015-12-21] (Sanford, L.P.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-07-08] (ESET)

R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)

R2 Kiwi Syslog Server; C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe [9867264 2015-09-23] ( SolarWinds Inc) [File not signed]

R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]

R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)

S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)

R2 ndsvc; C:\Program Files (x86)\NetDrive\ndsvc.exe [2789376 2013-02-25] (Bdrive Inc.) [File not signed]

S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-06-23] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [623848 2016-03-09] (Samsung Electronics Co.,Ltd)

S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\RpcAgentSrv.exe [73200 2015-07-06] (SiSoftware) [File not signed]

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)

R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)

R2 ToolTipFixer; C:\Program Files (x86)\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [61952 2008-10-14] (NeoSmart Technologies) [File not signed]

R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102400 2016-02-26] (Advanced Micro Devices)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-07-08] (ESET)

R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2016-07-08] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-07-08] (ESET)

R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-02-02] (ESET)

R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-07-08] (ESET)

R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-07-08] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-07-08] (ESET)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()

S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-31] (Malwarebytes)

R3 ndfs; C:\Program Files (x86)\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.)

R3 NETGEARUHOST; C:\Windows\System32\drivers\NETGEARUHOST.sys [16384 2007-03-08] (SerComm)

R3 NETGEARUHUB; C:\Windows\System32\drivers\NETGEARUHUB.sys [40960 2007-03-08] (SerComm)

R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )

U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [777944 2016-01-13] (Realsil Semiconductor Corporation)

S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)

R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )

S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)

S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11616 2000-08-23] () [File not signed]

R1 SPVDPort; C:\Windows\System32\drivers\spvdbus.sys [92152 2014-09-04] ()

R1 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [340984 2014-09-04] ()

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)

R3 UBQBTUSB; C:\Windows\System32\Drivers\UBQBTUSB.sys [45360 2015-10-07] (Canon i-tech, Inc.)

R1 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [119712 2016-07-18] (Oracle Corporation)

R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192864 2016-07-18] (Oracle Corporation)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

U3 idsvc; no ImagePath

U3 wpcsvc; no ImagePath

 

========================== Drivers MD5 =======================

 


C:\Windows\System32\drivers\hidinterrupt.sys F510F7B7BF61DEAAC04E65C3B65E8D59

C:\Windows\System32\drivers\hidir.sys 90F3ED42D423C942BA5EA54E2FFE7AC7

C:\Windows\System32\drivers\hidusb.sys 128DEDDD61915DBA4D451D91D21F0513

C:\Windows\System32\drivers\HpSAMD.sys FF442DCDCE1F6E9FAA9C8AD0CD1D199B

C:\Windows\System32\Drivers\ANDROIDUSB.sys F47CEC45FB85791D4AB237563AD0FA8F

C:\Windows\system32\DRIVERS\htcnprot.sys B8B1B284362E1D8135112573395D5DA5

C:\Windows\system32\DRIVERS\HtcVComV64.sys 7C7C986776D00E575BFBDE5DCBDC615D

C:\Windows\System32\drivers\HTTP.sys 63C3F74DC398A1C1A77E39DFB9C312CA

C:\Windows\System32\drivers\hwpolicy.sys CBA5E88A0F0475B7F49653BB72150BEF

C:\Windows\System32\drivers\hyperkbd.sys D668FAB4B0397B426EE3D41683B9A1C0

C:\Windows\system32\DRIVERS\HyperVideo.sys 40115A0F8E7FF9E786EBBD1D33D39AD7

C:\Windows\System32\drivers\i8042prt.sys 53FDD9E69189E546DE4740F8C4D8AB2F

C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD

C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 59A20F5AD9F4AE54098154359519408E

C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F

C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7

C:\Windows\System32\drivers\iaStorAV.sys 6B0029A0253098CCE28EACCFDB9E7208

C:\Windows\System32\drivers\iaStorV.sys 9652E1E35A92D8C75710C17A63B15796

C:\Windows\System32\drivers\ibbus.sys FFADF691F7BF727AF5C863454A372723

C:\Windows\system32\drivers\RTKVHD64.sys CC279B89A16615B8DD13422544F6B478

C:\Windows\System32\drivers\intelide.sys ECDB27420D3A98424666904525A8562A

C:\Windows\System32\drivers\intelpep.sys 8FF1978643EFD219C5BA49690191D701

C:\Windows\System32\drivers\intelppm.sys B61B60F36E1C8022FA8166ABF0F66B07

C:\Windows\System32\drivers\ioqos.sys CA0D42029AFFC4514D295E1EF823D02D

C:\Windows\System32\DRIVERS\ipfltdrv.sys 6E3F9D95235DFC9417384080A216F310

C:\Windows\System32\drivers\IPMIDrv.sys 4F527ECB5EAB47D8EAF34A469666C469

C:\Windows\System32\drivers\ipnat.sys 9E5E8F2A1996F23B7E9687846AA81B01

C:\Windows\System32\drivers\irenum.sys C317EB660138BC9CBFE37CCDE56351AE

C:\Windows\System32\drivers\isapnp.sys 531994A6D9399D9B74BE12B5BB58A81E

C:\Windows\System32\drivers\msiscsi.sys 68D5354A4A9692EEC24664C60F47D4A2

C:\Windows\System32\drivers\kbdclass.sys 701D7DB13B0815E7076EF4CB4CE981F8

C:\Windows\System32\drivers\kbdhid.sys 884EBBDDBF5968003B40185BD96FF0E6

C:\Windows\System32\drivers\kdnic.sys 6B3A0C7902811E6372643447E41F7048

C:\Windows\System32\Drivers\ksecdd.sys 982C795DE20CED7AEDD2E7899B5D9BC1

C:\Windows\System32\Drivers\ksecpkg.sys 5DFF4CF4DF7FD11AE5A1DAD8C67619D2

C:\Windows\system32\drivers\ksthunk.sys E9BB0023D730701BB5D9839B44F5E6B5

C:\Windows\System32\drivers\lltdio.sys EC34EED89C34B27C292166B725AC7A7B

C:\Windows\System32\drivers\lsi_sas.sys 961F28D879D345BFA50AF51285C90F2E

C:\Windows\System32\drivers\lsi_sas2i.sys 6BFB8D1B3407518BE06B6F81F92FA0F5

C:\Windows\System32\drivers\lsi_sas3i.sys BE0E47988D78F731DEC2C0CB03E765CB

C:\Windows\System32\drivers\lsi_sss.sys F99BF02BE9219986817BF094981EEB18

C:\Windows\system32\drivers\luafv.sys 2FCF837196082864F66CFD9CAB256275

C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B

C:\Windows\System32\drivers\megasas.sys 2ED29B635F35E31A1C0D3DDB7DD2AD03

C:\Windows\System32\drivers\megasr.sys 22E3CB85870879CBAE13C5095A8B12E3

C:\Windows\System32\drivers\mlx4_bus.sys D41920FBFFF2BBCBBC69A5B383AD022E

C:\Windows\system32\drivers\mmcss.sys 64BD0C87064EA20C2D3DC4199F9C239C

C:\Windows\System32\drivers\modem.sys 8D4B46FA84A3A3702EDADD37FAC6EDBA

C:\Windows\System32\drivers\monitor.sys 78FEC1BDB168370F131BFBFEA0A04E9D

C:\Windows\System32\drivers\mouclass.sys D1CC0833CFBC4222A95CAA5D0C8C78FF

C:\Windows\System32\drivers\mouhid.sys C2E05EC6B80BCF5AE362DA873E1BCE64

C:\Windows\System32\drivers\mountmgr.sys D5B7668A8F6C67C51FA5C6C513396D6C

C:\Windows\System32\drivers\mpsdrv.sys 5FBCB85D127BE21E3A9DAF11A13C00EA

C:\Windows\System32\drivers\mqac.sys 2B9A1FF2450BAF7A795941BE471F16EF

C:\Windows\system32\drivers\mrxdav.sys BF6CA7EA5ECD6CF72D3D76652A9B8280

C:\Windows\System32\DRIVERS\mrxsmb.sys 0B3B0C1D86050355676640488FA897D3

C:\Windows\System32\DRIVERS\mrxsmb10.sys 1A490555FD330CA2764D89191177C867

C:\Windows\System32\DRIVERS\mrxsmb20.sys 0F47A6C09F0A7FB5513D322A2B9BE4EC

C:\Windows\System32\drivers\bridge.sys A4411C522D41707D5BCA817A5BB9E30B

C:\Windows\System32\Drivers\Msfs.sys D123343DDB02E372B02BF2C4293F835F

C:\Windows\System32\drivers\msgpiowin32.sys B3358F380BA3F29F56BE0F7734C24D5F

C:\Windows\System32\drivers\mshidkmdf.sys B2044D5D125F249680508EC0B2AAEFAC

C:\Windows\System32\drivers\mshidumdf.sys 36ABE7FC80BED4FE44754AE5CFB51432

C:\Windows\System32\drivers\msisadrv.sys 59307FEAFC9E72EEEC56B7FD7D294F4C

C:\Windows\system32\DRIVERS\MSKSSRV.sys E9457EDFEBC774199F907395C6D09CA2

C:\Windows\System32\drivers\mslldp.sys C85D79735641D27C5821C35ECDDC2334

C:\Windows\system32\DRIVERS\MSPCLOCK.sys EF75184B64356850D0F04D049C253526

C:\Windows\system32\DRIVERS\MSPQM.sys 543933D166C618E7588EA77707EC1683

C:\Windows\System32\Drivers\MsRPC.sys 182711E9DDF70121A20EBB61B2DFB9E8

C:\Windows\System32\drivers\mssmbios.sys E887FFDD6734C496407E9219225CB6FF

C:\Windows\system32\DRIVERS\MSTEE.sys 83A2AB75951000D681FABDB80C07AEFC

C:\Windows\System32\drivers\MTConfig.sys 4FA0483896FC16583851EFB733FCB083

C:\Windows\System32\Drivers\mup.sys 60F88248608315E13391C2F1C3B4473F

C:\Windows\System32\drivers\mvumis.sys 218705233D02776AE4D19CC37D985C1B

C:\Windows\System32\DRIVERS\nwifi.sys 549DFD8240CF20BFBD88AD9D89325DBF

C:\Windows\System32\drivers\ndfltr.sys B57CE307DA101C739885B7CC0678077F

C:\Program Files (x86)\NetDrive\ndfs.sys 7CCA9D3F1BA2172B8CB7558737404E15

C:\Windows\System32\drivers\ndis.sys E582DA849A58524E645545FB68B6625D

C:\Windows\System32\drivers\ndiscap.sys 202260E7CDD731A32AF62ABD1ABEE008

C:\Windows\System32\drivers\NdisImPlatform.sys A1D473D0CF10561F29B58EA7C5412A92

C:\Windows\System32\DRIVERS\ndistapi.sys 1A0AE283B8DE6BB76412A0F8213D45AC

C:\Windows\System32\drivers\ndisuio.sys A74EE2D2C0BFF5EC3A6185791868C4CA

C:\Windows\System32\drivers\NdisVirtualBus.sys 32A9BD1342640D48AD85C8B3E812B984

C:\Windows\System32\drivers\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057

C:\Windows\System32\DRIVERS\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057

C:\Windows\System32\DRIVERS\NDProxy.sys 50AEF8EF0064A91ABB08D858D039C9DE

C:\Windows\System32\drivers\Ndu.sys 883A36E2FF7FA3E1281CB575579FE3AF

C:\Windows\System32\drivers\netbios.sys 026618ECF6C4BEBDCB7885D42EC0DBE4

C:\Windows\System32\DRIVERS\netbt.sys C03E926B0E7D66D68994067231DC3246

C:\Windows\System32\drivers\NETGEARUHOST.sys 5167CA339A8A36FEC32B03EC8FDBBF64

C:\Windows\System32\drivers\NETGEARUHUB.sys A6068421D3A33255F9D77DFDE29C8416

C:\Windows\System32\drivers\netvsc.sys 2BB62723C835F75F0C7C9E6A736881FB

C:\Windows\System32\Drivers\Npfs.sys 465DC580170CD844206D7E3EF1DBF2A1

C:\Windows\System32\drivers\npsvctrig.sys 29395C214D2CD4C81F73166AB988A797

C:\Windows\System32\drivers\nsiproxy.sys 2871225495F832A8C8A7DD1A17EDB3DC

C:\Windows\System32\Drivers\NTFS.sys 19BD8A88AAC580592668B070AC0727D9

C:\Windows\System32\Drivers\Null.sys 6DBD703320484C37CEA9E4E2D266A8CE

C:\Windows\System32\drivers\nvraid.sys 604D27CC38CC23493F218D0BB834B3FF

C:\Windows\System32\drivers\nvstor.sys 8B50D897657AB4A15FD9E251BBF7D107

C:\Windows\System32\drivers\nv_agp.sys 31F990B2B6B91E9D7A667405CE12FCB1

C:\Windows\System32\drivers\parport.sys 7D0FC96264C0F8F2C1321E33E8EB646C

C:\Windows\System32\drivers\partmgr.sys D330D74B5F99309B5CCA30AE41C57CDE

C:\Windows\System32\drivers\pci.sys EF94E21C3220AE3F8539542EC0B3FF06

C:\Windows\System32\drivers\pciide.sys 2B4D98DF0CA57FB9536DBC80D2449D1F

C:\Windows\System32\drivers\pcmcia.sys F4D5793BF2E58AF15C6CF2FEEF9E73EB

C:\Windows\System32\drivers\pcw.sys 22A53744CEEADFFFD33BA010FAD95229

C:\Windows\System32\drivers\pdc.sys 67B9684B8272D5EBD1CCBB1DBD425EC8

C:\Windows\System32\drivers\peauth.sys E2F8376F9731D12A009C522036C6073A

C:\Windows\System32\drivers\percsas2i.sys 1398A85E59698067CBBE1D66A9C13ADF

C:\Windows\System32\drivers\percsas3i.sys 35F7C7AD709D909D618D9EDF987FC3ED

C:\Windows\System32\DRIVERS\pgeffect.sys 91111CEBBDE8015E822C46120ED9537C

C:\Windows\System32\drivers\raspptp.sys 5BA6B9AD03B81546BA64E488C4EF9D17

C:\Windows\System32\drivers\processr.sys 21AECFF3EB5748CBE12538A2500EFDE5

C:\Windows\System32\drivers\pacer.sys 596FB6C5A72F34B7566930985E543806

C:\Windows\System32\DRIVERS\psi_mf.sys FB46E9A827A8799EBD7BFA9128C91F37

C:\Windows\System32\pwdrvio.sys C32ECB99AD25E9A04F01C8665DF29EF8

C:\Windows\system32\pwdspio.sys D619356B955EEFA642F5FF72755E8B3C

C:\Windows\system32\drivers\qwavedrv.sys CFBA9C976CBF6796E5DC39EF59984021

C:\Windows\System32\DRIVERS\rasacd.sys 7B2AD8C55217B514C14281AB97B4E21D

C:\Windows\System32\drivers\AgileVpn.sys E15A9CE1E2E7D1C8DF97A4FC1FFE6289

C:\Windows\System32\drivers\rasl2tp.sys E3C82823B22463BC38AA4F8ADA852624

C:\Windows\System32\drivers\raspppoe.sys 3369023EB5790A75BA7DABA14B75D922

C:\Windows\System32\drivers\rassstp.sys 1E32A8CD65C4AD0A827CFEB13034DA29

C:\Windows\System32\DRIVERS\rdbss.sys 2B648363E4C5E34B469C58596F377DD9

C:\Windows\System32\drivers\rdpbus.sys D0221C13960E274CC539D72D5A842ED0

C:\Windows\System32\drivers\rdpdr.sys 1DC2CC74B51E4DC4CD5A20C1021E4010

C:\Windows\System32\drivers\rdpvideominiport.sys 177DF954D0DEC0465A380C75F6E7F65F

C:\Windows\System32\drivers\rdyboost.sys 5D1680871054D2B0B8A971BC8AB3B837

C:\Windows\System32\Drivers\ReFSv1.sys 341E6830DA70F65730300DAB4CB0B490

C:\Windows\System32\drivers\rspndr.sys 0AC5FCDC29ED97ECDEF1276425EE2059

C:\Windows\System32\drivers\rt640x64.sys FBEFF38DE03450E03E6CD9E8E37A8C74

C:\Windows\System32\DRIVERS\Rtlh64.sys D74FE7DFA031FA2C6F96A26123814D3D

C:\Windows\system32\Drivers\RtsUer.sys AE4607D7C7AA83A863BFA214483E8EE4

C:\Windows\System32\drivers\rtwlane_13.sys 82ABD9D5B96E8EDC1155CFAC55AECE85

C:\Windows\System32\drivers\vms3cap.sys 044890BB0D6CF1E23C1087234D320509

C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\WNt600x64\Sandra.sys 5EFBBFCC6ADAC121C8E2FE76641ED329

C:\Program Files\Sandboxie\SbieDrv.sys ECADB026023BF6E200A552E4EA700F47

C:\Windows\System32\drivers\sbp2port.sys 530F797129776AA7E81994783A97E2AD

C:\Windows\System32\DRIVERS\scfilter.sys 9B6B1D4DB35A3D9BEAF023BC95E1F49D

C:\Windows\System32\drivers\sdbus.sys 1CDA6D0A2345AA589949AE9C83853913

C:\Windows\System32\drivers\sdstor.sys DE6D7DC78D956928F59F7415A0F41E13

C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS F42E27F7556153A33E7BAF7B2E01A43D

C:\Windows\System32\drivers\SerCx.sys 67585C295FF2D221679E376B68893B35

C:\Windows\System32\drivers\SerCx2.sys B8C4852CBCAAC1374C08EC7445443824

C:\Windows\System32\drivers\serenum.sys D3A103944A8FCD78FD48B2B19092790C

C:\Windows\System32\drivers\serial.sys 249A563C48DFD9E42A37587653E003BB

C:\Windows\System32\drivers\sermouse.sys 0F5B43074AE731D2C6F061241C9D84A6

C:\Windows\System32\drivers\sfloppy.sys D9FE59276BD56A9643C32D5FACE2F251

C:\Windows\System32\drivers\SiSRaid2.sys ABBE803FE0BDAE0E5BE74DDEFBE62F23

C:\Windows\System32\drivers\sisraid4.sys 6043DF55CFE3C7ACF477645FA64DEA98

C:\Windows\System32\drivers\spaceport.sys 1A6CB30F0EFC1632E6F1B852CA892583

C:\Windows\System32\drivers\SpbCx.sys E1C158F6C00359278727A2CEE5D2ED71

C:\Windows\System32\drivers\spvdbus.sys 8D4923C859EC5D6A4623077AF6A90CA4

C:\Windows\system32\Drivers\spvve.sys 964AE070BB488DDCB0C99535E8A044D1

C:\Windows\System32\DRIVERS\srv.sys BE88248427A6AA548A904FD867667F70

C:\Windows\System32\DRIVERS\srv2.sys 2568B86F6A50D254324CB89022CA9EFC

C:\Windows\System32\DRIVERS\srvnet.sys 6E520D6B16EA8AE23D1F81C1194F00C8

C:\Windows\System32\drivers\stexstor.sys CCDA497C880AD16D87EDFAEFCFB2EDF5

C:\Windows\System32\drivers\storahci.sys BF8EA6FC3358C2F69678E3E94F764F84

C:\Windows\System32\drivers\vmstorfl.sys 32FF460DA8C1F370F5C08B7654899B73

C:\Windows\System32\drivers\stornvme.sys CC21DB3EF619B9480FE31A4EFE92CBEB

C:\Windows\System32\drivers\storqosflt.sys 390B8A75768E2689586539C224520895

C:\Windows\System32\drivers\storufs.sys 770A92D9D3A0BF61C97C3AFCB36847D9

C:\Windows\System32\drivers\storvsc.sys 736A2418E3E7F3DB3CF6EB0A55D1D581

C:\Windows\System32\drivers\swenum.sys BD98B0225BCD49E8A62F4F8EE1D1F613

C:\Windows\System32\drivers\Synth3dVsc.sys CAE4B27B469C583131EA5AAE622F5D76

C:\Windows\system32\DRIVERS\SynTP.sys 95FFE1C1C55B2E9CE45CCC7CFE25D2C3

C:\Windows\System32\drivers\tap0901.sys D765F43CBEA72D14C04AF3D2B9C8E54B

C:\Windows\System32\drivers\tcpip.sys CF63BF6AAEDF721E37F9E216FD321B8E

C:\Windows\System32\drivers\tcpip.sys CF63BF6AAEDF721E37F9E216FD321B8E

C:\Windows\System32\drivers\tcpipreg.sys 17F37EC9042D84561C550620643D9A85

C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29

C:\Windows\system32\DRIVERS\tdx.sys 91D3F2A6253EF83EFBD7903028F58C4D

C:\Windows\System32\drivers\terminpt.sys E730D0EB1B84EBC98423FC8D285EDBC0

C:\Windows\System32\drivers\Thotkey.sys 32CF9A095F11EF3B27E5DF9B3343FC27

C:\Windows\System32\drivers\tpm.sys 87B9ABB965F7AF987D52791F0DD1663D

C:\Windows\System32\drivers\TsUsbFlt.sys 48E828C66AB016E48F2CB4DD585315FD

C:\Windows\System32\drivers\TsUsbGD.sys 267C76EE60736EA5A1811A53FA02AABE

C:\Windows\System32\drivers\TVALZ_O.SYS 6A2A692F6A987D8C3BF758CA5A225BD1

C:\Windows\System32\drivers\uagp35.sys 42C546414F80BD6C0137FC3A106F8A69

C:\Windows\System32\drivers\uaspstor.sys 1686DBC81748B096232B15F16C302985

C:\Windows\System32\Drivers\UBQBTUSB.sys 6A38C1AB152525644CE86C48F050E3BF

C:\Windows\System32\Drivers\UcmCx.sys 82D3B1F4D80057826AA649D78147DE36

C:\Windows\System32\drivers\UcmUcsi.sys 1C95F7CE37D9EFB90EBE987A9712356C

C:\Windows\System32\drivers\ucx01000.sys AED081772091C98173905E2DF28C223B

C:\Windows\System32\drivers\udecx.sys DCA34A111C29E4578DF2B8CEA3C7CDBD

C:\Windows\System32\DRIVERS\udfs.sys 718A956AE00CE086F381044AB66CC29C

C:\Windows\System32\drivers\UEFI.sys BA760F8E66428BA9FF1E8BFBC6248136

C:\Windows\System32\drivers\ufx01000.sys 05DD22294A4F3F89E52351C7721E6D2C

C:\Windows\System32\drivers\UfxChipidea.sys 2B1DABA97DDF5365FC66EE7DEDD86A13

C:\Windows\System32\drivers\ufxsynopsys.sys 2A87EA182EA333D79AA0B03833EA67F2

C:\Windows\System32\drivers\uliagpkx.sys 6DE78C04BF32ECA7AF3064F53687C9A5

C:\Windows\System32\drivers\umbus.sys 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4

C:\Windows\System32\drivers\umpass.sys 11680607944A719EF20E0E740785712A

C:\Windows\System32\drivers\urschipidea.sys 2410A0C20D21A25E6C01979FA886BE90

C:\Windows\System32\drivers\urscx01000.sys 6E59CE43B6BA5AA1ADCF36A4DBBB92BB

C:\Windows\System32\drivers\urssynopsys.sys E8A59FA109A22FC07E44BDFCC9727DBD

C:\Windows\System32\drivers\usbccgp.sys D8A44550ECE102B6443F5D54DCE7DAB3

C:\Windows\System32\drivers\usbcir.sys 66B3D22DAB5312FF238ABF5C6D9F8FAB

C:\Windows\System32\drivers\usbehci.sys 3E4F20DB902D2E2914F3FF3DB9772200

C:\Windows\System32\DRIVERS\usbfilter.sys 5A4AC5D05A7C97C68596416C05D6F2B4

C:\Windows\System32\drivers\usbhub.sys 41F7F00D76904416EF1F9EFA1A4C37A2

C:\Windows\System32\drivers\UsbHub3.sys E7463CE8579A0418A98BE9BE42C647D7

C:\Windows\System32\drivers\usbohci.sys DAB35CCA86F5FBE77D870A40089BC4A1

C:\Windows\System32\drivers\usbprint.sys 21162F65C7756AAECAEBED9E67D0A5FE

C:\Windows\System32\drivers\usbser.sys 4AAD6547953D373A1EB5B2DF583D868B

C:\Windows\System32\drivers\USBSTOR.SYS 8949F77132A4F8F3BA17C6727099F002

C:\Windows\System32\drivers\usbuhci.sys 8B3E458A8851F9A3B2109B1680EE1159

C:\Windows\System32\Drivers\usbvideo.sys 4B13B61CBB9CC3CB373C60B930D648F5

C:\Windows\System32\drivers\USBXHCI.SYS 9E9D58F5E1702955B2F4D62996F80E8E

C:\Windows\system32\DRIVERS\VBoxDrv.sys B99756F6517B54AAF762420874D6F10B

C:\Windows\System32\drivers\VBoxNetAdp6.sys 4253313F443C178BC264324577840F37

C:\Windows\system32\DRIVERS\VBoxNetLwf.sys 52F491257ACDA1F4F579B86A55459DCD

C:\Windows\system32\DRIVERS\VBoxUSBMon.sys A622354ADE1DD20B586255E167F7AA32

C:\Windows\System32\drivers\vdrvroot.sys E1BE37312785A71862516F66B3FD24CE

C:\Windows\System32\drivers\VerifierExt.sys E42C0F2850735FF9D908B9DB581E6314

C:\Windows\System32\drivers\vhdmp.sys EC15FD6A28757793E2DA394CD94ABD52

C:\Windows\System32\drivers\vhf.sys D0C9632C350F46786643A069251BC249

C:\Windows\System32\drivers\vmbus.sys E886CB75DA2B6EB35469EF10135624C7

C:\Windows\System32\drivers\VMBusHID.sys 46D2EC27820EC0F798F85821E53C2942

C:\Windows\System32\drivers\volmgr.sys B9265F47E7A354BAAA0AF5CBA3F8F7CE

C:\Windows\System32\drivers\volmgrx.sys BEE9C8B72AB752B794F69C2B9B3678AA

C:\Windows\System32\drivers\volsnap.sys E1F91A727A04C9F8199D04FF3BBBF63C

C:\Windows\System32\drivers\vpci.sys F7B1B1101271E31F43CC76E890704F51

C:\Windows\System32\drivers\vsmraid.sys D48ED0A08BD2FD25A833E6AC99623091

C:\Windows\System32\drivers\vstxraid.sys 6990D4AFDF545669D4E6C232F26DE1FB

C:\Windows\System32\drivers\vwifibus.sys 1EE11F0508C58EF081F4176E66D6970B

C:\Windows\System32\drivers\vwififlt.sys 938E4EF58E42D252B742B0E243011B90

C:\Windows\System32\drivers\vwifimp.sys 3BE5AAC930447FD18D4A8255A2FEC95C

C:\Windows\System32\drivers\wacompen.sys 00C27B64C758C111E5D78A70DE6CA2B6

C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491

C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491

C:\Windows\system32\drivers\WdBoot.sys 069D3D6E20AD753B34FCE856F0436869

C:\Windows\System32\drivers\Wdf01000.sys 6CC727E94CD84E9720FDCDA8089CABCC

C:\Windows\system32\drivers\WdFilter.sys E3E97151A1D1E87BB2D5371F66C5F169

C:\Windows\System32\DRIVERS\wdiwifi.sys 2BC2E99623119521EEF7910A11D0FDE0

C:\Windows\System32\Drivers\WdNisDrv.sys 07B043160399AF4009054E2EA3464BF4

C:\Windows\System32\drivers\wfplwfs.sys C11272713719922DE5711094333BD166

C:\Windows\System32\drivers\wimmount.sys EF536C54AB9281FDC4E83B07279FCFC4

C:\Windows\System32\drivers\WindowsTrustedRT.sys D8966A76408107224C6013993135DD78

C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 8B102A7B6CE326FD4208CC7C2D183343

C:\Windows\System32\drivers\winmad.sys 4A53441C1C4D2878BEF27E381138BB2D

C:\Windows\System32\drivers\WinUSB.SYS 260907CE034FE327AC99BDA4153AB22F

C:\Windows\System32\drivers\winverbs.sys 40A3E8D729F458B2C9A8BD9380FF83D5

C:\Windows\System32\drivers\wmiacpi.sys 8F010BF65238F3F822D22BA12831796E

C:\Windows\System32\Drivers\Wof.sys 2A9650FCC696DB28E45EA8B33B99B8E6

C:\Windows\System32\DRIVERS\wpcfltr.sys 22C52D7EE7C7D0E02C8EFD8CAE8E3A71

C:\Windows\System32\drivers\WpdUpFltr.sys 1C08E424CBDD5065BB7266F8C048C1B1

C:\Windows\system32\drivers\ws2ifsl.sys 638B43D39A3D0B47024555CF1095E6F1

C:\Windows\System32\drivers\WSDPrint.sys F517CB0182B1DA5C0E0FC6B548FF60CC

C:\Windows\System32\drivers\WudfPf.sys A928F25CB62232F413EE655352856E10

C:\Windows\System32\drivers\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD

C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD

C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD

C:\Windows\System32\drivers\xboxgip.sys F279536122B83FD0D8E158AA753E1B7C

C:\Windows\System32\drivers\xinputhid.sys DA0807D87A62D076C29C4E30F1E84F46

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Files in the root of some directories =======

 

2016-07-09 13:12 - 2016-07-09 13:13 - 0045756 __RSH () C:\Program Files (x86)\DLS8Uninstall.log

2015-04-10 08:18 - 2015-04-10 08:18 - 0000046 _____ () C:\Users\Paul\AppData\Roaming\Camdata.ini

2015-04-10 08:18 - 2015-04-10 08:18 - 0000408 _____ () C:\Users\Paul\AppData\Roaming\CamLayout.ini

2015-04-10 08:18 - 2015-04-10 08:18 - 0000408 _____ () C:\Users\Paul\AppData\Roaming\CamShapes.ini

2015-04-10 08:18 - 2015-04-10 08:18 - 0004518 _____ () C:\Users\Paul\AppData\Roaming\CamStudio.cfg

2016-06-29 12:16 - 2016-06-29 13:54 - 0000139 _____ () C:\Users\Paul\AppData\Roaming\NWNToolPrefs.txt

2015-03-13 18:46 - 2016-06-30 08:38 - 0004702 _____ () C:\Users\Paul\AppData\Roaming\prio.ini

2015-08-24 16:55 - 2015-08-24 18:31 - 14548992 _____ () C:\Users\Paul\AppData\Roaming\Sandra.mdb

2015-10-13 22:46 - 2015-10-13 22:48 - 0006144 _____ () C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-06-03 20:20 - 2016-06-03 20:20 - 0000036 _____ () C:\Users\Paul\AppData\Local\housecall.guid.cache

2015-07-17 17:45 - 2016-04-21 00:26 - 0000600 _____ () C:\Users\Paul\AppData\Local\PUTTY.RND

2016-07-26 15:52 - 2016-07-26 15:52 - 0000218 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel

2015-11-10 22:32 - 2015-11-10 22:32 - 0007601 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg

2016-06-03 22:11 - 2016-06-03 22:11 - 0000010 _____ () C:\Users\Paul\AppData\Local\sponge.last.runtime.cache

2016-07-04 15:08 - 2016-07-04 15:08 - 0019535 _____ () C:\ProgramData\empty.ico

2015-03-19 09:37 - 2016-06-22 18:28 - 0028173 _____ () C:\ProgramData\lmab.log

 

Some files in TEMP:

====================

C:\Users\Paul\AppData\Local\Temp\jre-8u101-windows-au.exe

C:\Users\Paul\AppData\Local\Temp\pushbullet_watchdog.exe

C:\Users\Paul\AppData\Local\Temp\SandboxieInstall.exe

C:\Users\Paul\AppData\Local\Temp\SkypeSetup.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-07-31 08:57

 

==================== End of FRST.txt ============================



#7 Protopia

Posted 31 July 2016 - 11:26 AM

Can't seem to attach a file so here is Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016

Ran by Paul (2016-07-31 16:00:47)

Running from C:\Temp

Windows 10 Pro Version 1511 (X64) (2016-07-04 07:46:06)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-842475166-3683424370-3109751953-500 - Administrator - Disabled) => C:\Users\Administrator

DefaultAccount (S-1-5-21-842475166-3683424370-3109751953-503 - Limited - Disabled)

Guest (S-1-5-21-842475166-3683424370-3109751953-501 - Limited - Disabled)

Paul (S-1-5-21-842475166-3683424370-3109751953-1000 - Administrator - Enabled) => C:\Users\Paul

Will (S-1-5-21-842475166-3683424370-3109751953-1029 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

12Pay Payroll (HKLM-x32\...\{6068706F-E0F0-4C94-9994-205FDE65EE8F}) (Version: 1.17.27 - 12Pay Ltd)

Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.17 - Adobe Systems)

Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)

Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)

AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)

Amazon Kindle (HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)

Amazon Kindle (HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)

AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)

AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)

Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)

Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)

BioWare Premium Module: Neverwinter Nights - Infinite Dungeons (HKLM-x32\...\Neverwinter Nights - Infinite Dungeons) (Version:  - BioWare Corp.)

BioWare Premium Module: Neverwinter Nights - Kingmaker (HKLM-x32\...\Neverwinter Nights - Kingmaker) (Version:  - BioWare Corp.)

BioWare Premium Module: Neverwinter Nights - Pirates of the Sword Coast (HKLM-x32\...\Neverwinter Nights - Pirates of the Sword Coast) (Version:  - BioWare Corp.)

BioWare Premium Module: Neverwinter Nights - ShadowGuard (HKLM-x32\...\Neverwinter Nights - ShadowGuard) (Version:  - BioWare Corp.)

BioWare Premium Module: Neverwinter Nights - Witch's Wake (HKLM-x32\...\Neverwinter Nights - Witch's Wake) (Version:  - BioWare Corp.)

BioWare Premium Module: Neverwinter Nights - Wyvern Crown of Cormyr (HKLM-x32\...\Neverwinter Nights - Wyvern Crown of Cormyr) (Version:  - BioWare Corp.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

calibre 64bit (HKLM\...\{9152084E-DEE6-4908-93D0-DC2227FEACB5}) (Version: 2.62.0 - Kovid Goyal)

CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)

CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)

Catalyst Control Center Next Localization BR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)

ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Devart Code Compare  4.1.78 (HKLM\...\CodeCompare_is1) (Version: 4.1.78 - Devart)

DiskCheckup v3.3 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)

Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)

Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden

Dropbox (HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Dropbox) (Version: 7.3.29 - Dropbox, Inc.)

Dropbox (HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 7.3.29 - Dropbox, Inc.)

DShield Universal Firewall Client (HKLM-x32\...\ST6UNST #1) (Version:  - )

DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)

DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.3.1897 - Sanford, L.P.)

EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)

EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)

ESET Smart Security (HKLM\...\{11994064-51F2-45DF-A83E-539B4BFE3F5A}) (Version: 9.0.318.0 - ESET, spol. s r.o.)

Evernote v. 5.9.9 (HKLM-x32\...\{CC4235DA-F2CA-11E5-8B13-005056951CAD}) (Version: 5.9.9.9915 - Evernote Corp.)

FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )

FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )

FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)

FinePrint (HKLM\...\FinePrint) (Version: 8.25 - FinePrint Software, LLC)

foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)

FreeFileSync 7.2 (HKLM-x32\...\FreeFileSync) (Version: 7.2 - www.FreeFileSync.org)

get_iplayer 4.9 (HKLM-x32\...\get_iplayer) (Version: 4.9 - infradead.org)

GitHub (HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\5f7eb300e2ea4ebf) (Version: 3.0.17.0 - GitHub, Inc.)

GitHub (HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5f7eb300e2ea4ebf) (Version: 3.0.17.0 - GitHub, Inc.)

GnuWin32: GetText version 0.14.4 (HKLM-x32\...\GetText-0.14.4_is1) (Version: 0.14.4 - GnuWin32)

GO Contact Sync Mod (HKLM-x32\...\{23CB2F31-83CD-4BBC-A0ED-3B7895252D82}) (Version: 3.9.13 - WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)

Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

Graboid Video (HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)

Graboid Video (HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)

Graboid Video (x32 Version: 5.2.1.0 - Graboid Inc.) Hidden

Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)

Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)

HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)

HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)

Isoplex (HKLM-x32\...\{9BE6C54A-9A43-4F7B-85F8-F5610BE07873}) (Version: 1.0.0 - Isoplex)

Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Kiwi Syslog Server 9.5.0  (Service Edition) (HKLM-x32\...\Kiwi Syslog Server) (Version: 9.5.0  (Service Edition) - hxxp://www.kiwisyslog.com)

K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )

LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version:  - Lexmark International, Inc.)

Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

MediaInfo 0.7.75 (HKLM\...\MediaInfo) (Version: 0.7.75 - MediaArea.net)

MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)

MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)

Microsoft Office Labs Search Commands (HKLM-x32\...\{C6ACC864-52AE-44D9-8AAA-20C69AD43267}) (Version: 1.5.0.6 - Microsoft Office Labs)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)

MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)

mIRC (HKLM-x32\...\mIRC) (Version: 7.29 - mIRC Co. Ltd.)

Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version:  - )

Morefunc (HKLM-x32\...\Morefunc) (Version:  - )

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 47.0 (x64 en-US) (HKLM\...\Mozilla Firefox 47.0 (x64 en-US)) (Version: 47.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)

MP3 Diags (HKLM-x32\...\MP3Diags) (Version:  - )

Mp3tag v2.72 (HKLM-x32\...\Mp3tag) (Version: v2.72 - Florian Heidenreich)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Music Manager (HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\MusicManager) (Version:  - Google, Inc.)

Music Manager (HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MusicManager) (Version:  - Google, Inc.)

MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)

MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)

NetDrive (HKLM-x32\...\NetDrive) (Version: 1.3.4.0 - Bdrive Inc.)

Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)

Neverwinter Nights (HKLM-x32\...\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}) (Version:  - )

nGlide 1.05 (HKLM-x32\...\nGlide) (Version: 1.05 - Zeus Software)

NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )

Nmap 6.49BETA1 (HKLM-x32\...\Nmap) (Version:  - )

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

OpenVPN 2.3.11-I601  (HKLM\...\OpenVPN) (Version: 2.3.11-I601 - )

OpenVPN 2.3.11-I601  (HKLM-x32\...\OpenVPN) (Version: 2.3.11-I601 - )

Oracle VM VirtualBox 5.0.26 (HKLM\...\{257A247A-9BC8-4506-B4EC-F4A725976174}) (Version: 5.0.26 - Oracle Corporation)

paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)

PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )

pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: 5.25 - FinePrint Software, LLC)

Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)

Puran File Recovery 1.2 (HKLM\...\Puran File Recovery_is1) (Version:  - Puran Software)

Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc)

PyQt GPL v4.11.3 for Python v2.7 (x32) (HKLM-x32\...\PyQt GPL v4.11.3 for Python v2.7 (x32)) (Version: 4.11.3 - )

Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)

qBittorrent 3.3.6 (HKLM-x32\...\qBittorrent) (Version: 3.3.6 - The qBittorrent project)

QuickBooks (x32 Version: 25.0.4010.2506 - Intuit Limited) Hidden

QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4003.2506 - Intuit Limited)

QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)

Radeon RAMDisk (HKLM-x32\...\{B2E6BE54-ABAA-4D47-BA1F-D63A13ABC880}) (Version: 4.4.0.34 - Dataram, Inc.)

Raptr (HKLM-x32\...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.29090 - Realtek Semiconduct Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0035 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)

REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden

Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)

Registrar Registry Manager 7.70 (HKLM\...\RegistrarHome_is1) (Version:  - Resplendence Software Projects Sp.)

ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.2.0.0 - den4b Team)

Rubberduck version 1.4.3.0 (HKLM\...\{979AFF96-DD9E-4FC2-802D-9E0C36A60D09}_is1) (Version: 1.4.3.0 - Rubberduck)

Sample Code for Programming Applications for Microsoft Office Outlook 2007 (HKLM-x32\...\{16D2EAB1-7405-45F7-A3D7-3C9A9CC0ECA9}) (Version: 1.0.0 - Microsoft)

Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden

Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd)

Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)

Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shareaza 2.7.9.0 (HKLM-x32\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)

SiSoftware Sandra Lite 2015.SP2b (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.42.2015.7 - SiSoftware)

SKTimeStamp (HKLM\...\{AAD52EF2-3EEB-489C-9F93-B0C1EC1D21A8}) (Version: 1.3.3 - Stefans Tools)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)

Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)

SoftPerfect RAM Disk 3.4.6 (HKLM\...\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1) (Version:  - SoftPerfect Research)

SoundPackager (HKLM-x32\...\SoundPackager) (Version: 1.31 - Stardock Software, Inc.)

Starship Titanic DVD (HKLM-x32\...\Starship Titanic) (Version:  - )

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)

System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)

TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )

ToolTipFixer 2.0 (HKLM-x32\...\ToolTipFixer) (Version: 2.0 - NeoSmart Technologies)

TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)

TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)

TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)

TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)

TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.12 - TOSHIBA Corporation)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0023.640204 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)

TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)

Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 3.0.0 - Tweaking.com)

UltimateDefrag (HKLM-x32\...\UltimateDefrag) (Version: 4.0.98.0 - DiskTrix, Inc.)

VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)

VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)

Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

VSSCopy version 1.0 (HKLM\...\{AB8009B0-0964-4249-ADBE-D8717FEA820C}_is1) (Version: 1.0 - Cortex I.T.)

WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)

WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Paul\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Paul\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009B7166-B6FD-4888-9D13-E2A4603D6B8B} - System32\Tasks\WebCron\FCH Prod J3 backup => cmd.exe /c FCH_J3_Backup.cmd

Task: {0207504D-A84D-4EB9-B279-02255F7DF69F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {036F9742-E388-4B71-9373-2FF079680757} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000UA => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)

Task: {0793DDB3-50B7-4D70-92AC-6D1E41038FD3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

Task: {0B7EBBCD-3DC0-4102-B640-532D6656F798} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {0E3A52B2-858B-4F2A-AC16-4F8ADA2ECEAB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {0E4482D1-8FCB-425A-8A67-91BD5345C03C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {0FDF2709-0367-4AFD-A4B0-F94CDDC38DEB} - System32\Tasks\C850D\Backup System to network => /c wbadmin.exe start backup -BackupTarget:\\Hex\Hex-NAS\Backups\C850D\System -AllCritical -include:D:\Paul\Outlook -noInheritAcl -quiet &gt; \\C850D\D$\Backups\system-network.log

Task: {11957B0B-41DC-4B07-AA90-3E70CA82F8DA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {16F2BCAA-ED96-4E28-92B4-B72EBB634A7D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {19C67841-85F9-4DA0-852B-D5FFD8BCCEFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {247245C7-24EC-4B88-A613-1A61942AA68E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {265346B7-0B08-4C48-8D81-34FE02B05EC8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION

Task: {27A20278-5F1E-470E-AD75-B6020AA3445D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {284F015F-1A9E-4FB0-BB84-86F99AB919D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {37B6D25C-2103-42B4-8ADD-C67B055E4FA9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {385654F1-FAB2-4A13-90D4-B3AB8DADDD1D} - System32\Tasks\Shareaza.Reduced Bandwidth.Logon => C:\Program Files (x86)\Shareaza\Shareaza.exe [2015-10-04] (Shareaza Development Team)

Task: {3974CD9B-616D-46D2-AF97-EBCDADE98F3D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

Task: {3B024F08-4184-4B8E-9089-74AA22CBF9C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000Core => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)

Task: {3B1B4826-4122-4592-AAB3-74E6D043EE80} - System32\Tasks\Shareaza.0002 => C:\Program Files (x86)\Shareaza\Shareaza.exe [2015-10-04] (Shareaza Development Team)

Task: {3E7FFCF0-28B1-4452-9AD2-073B716D44FC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000UA => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)

Task: {48A8782C-B3A9-4F06-8992-9F163B8404C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {4C261A89-E9B2-489E-9693-A62958F016F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {4E30B532-1737-45B1-9DEA-A8DF58F357FB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {4FE3D5BD-B773-4A37-A6A8-A46375208E2C} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-05-03] (Advanced Micro Devices, Inc.)

Task: {52E8E002-0047-4056-AABC-6C4F568F2DDB} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

Task: {5FB7989B-7DCC-41F3-AD1A-ADFF95A3F4B2} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe

Task: {606B3408-C039-44AE-A4A1-58E02B20EEA8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {68C12AD8-91E5-46A8-84AC-2477F5D0E5F7} - System32\Tasks\LogonScreenRotator => C:\Program Files (x86)\Logon Screen Rotator\Logon Screen Rotator.exe

Task: {69F4B34C-C49E-4F2B-BCA6-E4E72A70F2C9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {6EB34C2F-2E1E-44C2-BB56-8D52CDB93769} - System32\Tasks\C850D\DShield submission => C:\Program Files (x86)\cvtwin\cvtwin.exe [2009-11-18] (DShield.org)

Task: {73D297F7-6F85-4F61-B72F-277B1F150B59} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {743D3844-F28B-4F0E-918E-F89F93CC3A40} - System32\Tasks\C850D\Backup Prune Data => cmd.exe /c PruneBackups.cmd "\\Hex\Hex-NAS\Backups\C850D\Data\C850D" 2 "\\C850D\D$\Backups\data-prunebackups.log"

Task: {752DCCF4-1195-44A6-A98B-0FC6259DB62A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {760A7686-5607-41EB-AB73-498BBC77BADC} - \ConfigFree Startup Programs -> No File <==== ATTENTION

Task: {790D0C30-75D7-4777-BC20-F36FAFFC7A96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)

Task: {7DC6C115-0C92-4BB7-96F9-11F2BD3A4CC6} - System32\Tasks\Shareaza.0001 => C:\Program Files (x86)\Shareaza\Shareaza.exe [2015-10-04] (Shareaza Development Team)

Task: {8205BFFF-425A-4FDE-8FAB-30EE898B866B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {847B7B9C-6399-452E-9463-096C606E3950} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {8DE06830-167C-47DB-8B83-94744077938F} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Paul => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2015-08-21] (H.D.S. Hungary)

Task: {9D14A0F9-E5B8-4DEC-8518-E7774C0B463C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {A066D802-8A30-495A-BE7D-C1A4C1E38E2E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {A1C23E12-F824-4244-A1CA-20895B6D9816} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {A3A65CF3-2D91-409D-9096-1F28F5C69E0B} - System32\Tasks\C850D\Sound mute => nircmd.exe

Task: {A7FFBAF6-58D1-4F38-B21D-8414CBDA667C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {AB987572-01F9-4BC8-AA6E-997925E61B62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)

Task: {AC6EEE18-5ED4-431E-A3FB-551ACC469E65} - System32\Tasks\WebCron\FCH Prod J2 backup => cmd.exe /c FCH_J2_Backup.cmd

Task: {AEC1630A-F3E9-48B0-B5D1-3951649A593F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {B0F614D9-4AD3-4209-A8C5-60C8FE614A8C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

Task: {B452E104-B60A-4612-9261-489304EEA5E5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {B6A562FE-1105-4C6B-8627-76A6295FAEA3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {BBDCE48E-137C-4E13-9D71-F0D80FB89114} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

Task: {C06AD790-B40D-4271-89AB-8FE76061B532} - System32\Tasks\C850D\Sound unmute => nircmd.exe

Task: {C7FA5557-6580-405D-B7DF-5E9F08D5F695} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {D0C3D2FF-AF86-4889-B137-3154BB75B399} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {D1BA2761-3D1C-44FA-925C-54E4642B6DF3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {D2DEAB5E-85F3-4DE5-90D1-68956F5BBCE8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {D5467E6E-B449-47B1-A56F-36B83EF88D68} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {D5683A9D-4C15-4E24-8A02-8B7CE28DE317} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {DAB6629D-F63C-4BFB-88B0-586C4E994CD5} - System32\Tasks\WebCron\FCH Dev J3 backup => cmd.exe /c DEV_J3_Backup.cmd

Task: {DAEDDCE4-6927-480B-BF54-6D01CA4BAA81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {E2CA90C6-4929-445E-BD9C-4BE3679E59FD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {E3F5C1AB-3A9F-4B22-9D6A-E7606BDC4E77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000Core => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)

Task: {E8F46B6B-6678-4D4F-B3FA-0F2F7EF2E7CE} - System32\Tasks\WebCron\FCH Test J3 backup => cmd.exe /c TEST_J3_Backup.cmd

Task: {F81F67D0-E161-4439-B04F-5AFBF84BE1FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {FB56121C-AFF3-423B-88BD-A67A2E0ABD25} - System32\Tasks\C850D\Backup System to hard drive => /c wbadmin.exe start backup -BackupTarget:D: -AllCritical -include:D:\Paul\Outlook -quiet > \\C850D\D$\Backups\system-local.log

Task: {FCA0C4E6-7D26-45D4-98D9-FA9BF369DA99} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000Core.job => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000UA.job => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000Core.job => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000UA.job => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Shareaza.0001.job => C:\Program Files (x86)\Shareaza\Shareaza.exe

Task: C:\WINDOWS\Tasks\Shareaza.0002.job => C:\Program Files (x86)\Shareaza\Shareaza.exe

Task: C:\WINDOWS\Tasks\Shareaza.Reduced Bandwidth.Logon.job => C:\Program Files (x86)\Shareaza\Shareaza.exe

Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\PyQt GPL v4.11.3 for Python v2.7 (x32)\Links\eric Homepage.lnk -> hxxp://eric-ide.python-projects.org/index.html

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\PyQt GPL v4.11.3 for Python v2.7 (x32)\Links\PyQt Book.lnk -> hxxp://www.qtrac.eu/pyqtbook.html

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\PyQt GPL v4.11.3 for Python v2.7 (x32)\Links\PyQt Homepage.lnk -> hxxp://www.riverbankcomputing.com/software/pyqt/

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\PyQt GPL v4.11.3 for Python v2.7 (x32)\Links\PyQwt Homepage.lnk -> hxxp://pyqwt.sourceforge.net/

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\PyQt GPL v4.11.3 for Python v2.7 (x32)\Links\QScintilla Homepage.lnk -> hxxp://www.riverbankcomputing.com/software/qscintilla/

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\PyQt GPL v4.11.3 for Python v2.7 (x32)\Links\Qt Homepage.lnk -> hxxp://qt.digia.com/

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\PyQt GPL v4.11.3 for Python v2.7 (x32)\Links\Qwt Homepage.lnk -> hxxp://qwt.sourceforge.net/

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\PyQt GPL v4.11.3 for Python v2.7 (x32)\Documentation\Qt Documentation.lnk -> hxxp://qt-project.org/doc/qt-4.8/

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD/

 

ShortcutWithArgument: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Web Browsers\Chrome Apps\ARC Welder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=emfinbmielocnlhgmfkkmkngdoccbadn

ShortcutWithArgument: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Development\Microsoft Visual C++ 2008 Express Edition\Visual Studio Tools\Visual Studio 2008 Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat"" x86

ShortcutWithArgument: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ARC Welder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=emfinbmielocnlhgmfkkmkngdoccbadn

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2015-03-14 11:55 - 2010-09-09 18:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe

2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2011-03-22 09:08 - 2011-03-22 09:08 - 00161280 _____ () C:\Program Files (x86)\NetDrive\libexpat.dll

2016-07-04 19:06 - 2016-03-09 17:18 - 00025088 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll

2016-07-04 19:06 - 2016-03-09 17:18 - 02513920 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll

2016-07-04 19:06 - 2016-03-09 17:18 - 02436096 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll

2013-12-21 11:25 - 2013-12-21 11:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll

2013-12-21 11:26 - 2013-12-21 11:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll

2013-12-21 11:27 - 2013-12-21 11:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll

2013-10-22 09:52 - 2013-10-22 09:52 - 00030720 _____ () C:\WINDOWS\SYSTEM32\MediaDB64.dll

2013-10-22 09:52 - 2013-10-22 09:52 - 00908800 _____ () C:\WINDOWS\SYSTEM32\ContentDirectoryPresenter64.dll

2013-12-21 11:27 - 2013-12-21 11:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll

2013-07-23 19:19 - 2013-07-23 19:19 - 00049152 _____ () C:\WINDOWS\SYSTEM32\boost_date_time-vc90-mt-1_47.dll

2013-07-23 19:19 - 2013-07-23 19:19 - 00016896 _____ () C:\WINDOWS\SYSTEM32\boost_system-vc90-mt-1_47.dll

2013-07-23 19:19 - 2013-07-23 19:19 - 00299520 _____ () C:\WINDOWS\SYSTEM32\boost_serialization-vc90-mt-1_47.dll

2013-07-23 19:19 - 2013-07-23 19:19 - 00058880 _____ () C:\WINDOWS\SYSTEM32\boost_thread-vc90-mt-1_47.dll

2016-07-04 08:19 - 2016-07-04 08:19 - 00669696 ____N () C:\Windows\Temp\sqlite-3.7.151-amd64-sqlitejdbc.dll

2016-07-04 19:06 - 2016-03-09 17:18 - 00049664 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll

2016-07-13 10:25 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-07-26 15:04 - 2015-04-24 01:56 - 00089088 _____ () C:\Program Files (x86)\MediaMonkey\DeskPlayer.dll

2016-07-13 10:25 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-07-04 08:59 - 2016-07-04 08:59 - 00959168 _____ () C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll

2014-05-01 15:13 - 2016-07-21 01:34 - 00592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll

2016-06-03 15:39 - 2016-06-03 15:39 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

2016-04-27 06:12 - 2016-04-27 06:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-07-13 10:26 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2016-07-13 10:25 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-07-13 10:25 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-07-13 10:25 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-07-13 10:25 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2016-06-27 16:22 - 2016-06-27 16:22 - 00052912 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2015-03-25 19:16 - 2014-09-04 15:15 - 00097784 _____ () C:\Program Files\SoftPerfect RAM Disk\vvlib.dll

2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll

2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll

2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll

2007-11-11 09:58 - 2007-11-11 09:58 - 00180736 _____ () C:\Program Files (x86)\NetDrive\libmcrypt.dll

2016-07-20 17:29 - 2016-07-20 17:29 - 15855104 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe

2012-02-24 15:35 - 2012-02-24 15:35 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2016-07-04 19:13 - 2016-07-04 19:16 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

2016-07-27 18:35 - 2016-07-19 02:31 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libglesv2.dll

2016-07-27 18:35 - 2016-07-19 02:31 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libegl.dll

2015-04-13 15:43 - 2015-04-13 15:43 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll

2016-06-03 15:37 - 2016-06-03 15:37 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll

2015-04-13 15:44 - 2015-04-13 15:44 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll

2015-04-13 15:44 - 2015-04-13 15:44 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll

2015-04-13 15:44 - 2015-04-13 15:44 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll

2015-04-13 15:45 - 2015-04-13 15:45 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll

2015-04-13 15:47 - 2015-04-13 15:47 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll

2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll

2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll

2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll

2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll

2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll

2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll

2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll

2014-03-31 22:35 - 2014-03-31 22:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en-GB\WindowsLive.Writer.Localization.resources.dll

2014-03-31 22:35 - 2014-03-31 22:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

2016-07-09 16:44 - 2016-07-09 16:44 - 00053760 _____ () C:\Users\Paul\AppData\Local\assembly\dl3\XOAR8QNV.6Q0\VT0K0MRM.XMZ\f3040f33\00682b5a_1c3cd101\Outlook07DymoAddIn.DLL

2016-07-09 16:43 - 2016-07-09 16:43 - 00093696 _____ () C:\Users\Paul\AppData\Local\assembly\dl3\XOAR8QNV.6Q0\VT0K0MRM.XMZ\33c41f6d\00674c64_1a3cd101\DYMO.Common.DLL

2015-08-13 21:33 - 2015-08-13 21:33 - 00117248 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\libaacdec.dll

2015-08-13 21:34 - 2015-08-13 21:34 - 00234496 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll

2015-08-13 21:34 - 2015-08-13 21:34 - 00253440 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\libid3tag.dll

2015-08-13 21:33 - 2015-08-13 21:33 - 00344064 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll

2016-06-23 10:48 - 2016-06-23 10:48 - 00689944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\BackupLib.dll

2016-06-23 10:50 - 2016-06-23 10:50 - 00178968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\UpgradeCenter.dll

2016-06-23 10:50 - 2016-06-23 10:50 - 00025880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\validationinterop.dll

2014-09-29 16:28 - 2014-09-29 16:28 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\libcef.dll

2016-06-23 10:48 - 2016-06-23 10:48 - 00661784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FtuEngine.dll

2016-06-23 10:49 - 2016-06-23 10:49 - 00085784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBProActiveCore.dll

2016-06-23 10:49 - 2016-06-23 10:49 - 00099096 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBMAPILibrary.dll

2016-06-23 10:49 - 2016-06-23 10:49 - 00031512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBCompressor.dll

2016-06-23 01:09 - 2016-06-23 01:09 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_regex-vc120-mt-1_55.dll

2016-06-23 10:48 - 2016-06-23 10:48 - 00245528 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_serialization-vc120-mt-1_55.dll

2016-06-23 10:50 - 2016-06-23 10:50 - 00066328 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\zlib1.dll

2016-06-23 10:48 - 2016-06-23 10:48 - 00795416 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FeaturesBridge.dll

2016-06-23 10:49 - 2016-06-23 10:49 - 00067864 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\mbpopup.dll

2011-02-24 19:39 - 2011-02-24 19:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll

2016-06-20 23:22 - 2016-06-30 03:25 - 00035792 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

2016-07-19 02:17 - 2016-06-30 03:25 - 00145864 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\pyexpat.pyd

2016-07-19 02:17 - 2016-06-30 03:26 - 00019408 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\faulthandler.pyd

2016-07-19 02:17 - 2016-06-30 03:25 - 00116688 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\pywintypes27.dll

2016-06-20 23:22 - 2016-06-30 03:25 - 00100296 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\_ctypes.pyd

2016-06-20 23:22 - 2016-06-30 03:25 - 00018888 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\select.pyd

2016-06-20 23:22 - 2016-07-19 00:10 - 00019760 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd

2016-06-20 23:22 - 2016-06-30 03:25 - 00694224 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\unicodedata.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00020816 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd

2016-06-20 23:22 - 2016-06-30 03:26 - 00123856 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 01682760 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00020808 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd

2016-07-07 03:14 - 2016-07-19 00:10 - 00021312 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00052024 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00038696 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\fastpath.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00105928 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32api.pyd

2016-07-19 02:17 - 2016-06-30 03:25 - 00392144 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\pythoncom27.dll

2016-07-19 02:17 - 2016-06-30 03:27 - 00020936 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\mmapfile.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00024528 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32event.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00114640 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32security.pyd

2016-06-20 23:22 - 2016-07-19 00:10 - 00381752 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00124880 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32file.pyd

2016-07-07 03:14 - 2016-07-19 00:10 - 00025424 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00024016 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32clipboard.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00175560 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32gui.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00030160 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32pipe.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00043472 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32process.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00048592 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32service.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00026456 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00057808 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32evtlog.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00024016 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32profile.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00246592 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00028616 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32ts.pyd

2016-06-20 23:22 - 2016-07-19 00:10 - 00020800 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd

2016-06-20 23:22 - 2016-07-19 00:11 - 00019776 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd

2016-06-20 23:22 - 2016-07-19 00:11 - 00020800 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd

2016-06-20 23:22 - 2016-06-30 03:25 - 00144848 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\_elementtree.pyd

2016-07-07 03:14 - 2016-06-30 03:26 - 00241104 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\_jpegtran.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00020280 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd

2016-06-20 23:22 - 2016-07-19 00:11 - 00023376 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00350152 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winxpgui.pyd

2016-06-20 23:22 - 2016-07-19 00:11 - 00022352 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00024392 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd

2016-07-19 02:17 - 2016-06-30 03:28 - 00036296 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\librsync.dll

2016-07-19 02:17 - 2016-07-19 00:10 - 00031568 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd

2016-07-19 02:17 - 2016-03-12 01:46 - 00293392 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll

2016-07-19 02:17 - 2016-07-19 00:10 - 00084280 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL

2016-07-19 02:17 - 2016-07-19 00:10 - 01826096 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd

2016-06-20 23:22 - 2016-06-30 03:26 - 00083912 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\sip.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 03929392 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 01972016 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00531248 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00132912 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00224056 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00207672 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd

2016-07-07 03:14 - 2016-07-19 00:10 - 00020288 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd

2016-06-20 23:22 - 2016-06-30 03:27 - 00060880 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\win32print.pyd

2016-06-20 23:22 - 2016-07-19 00:10 - 00037192 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd

2016-07-07 03:14 - 2016-07-19 00:11 - 00024904 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00546096 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00357680 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00168248 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd

2016-07-19 02:17 - 2016-07-19 00:10 - 00042808 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd

2016-03-25 15:36 - 2016-03-25 15:36 - 00439480 _____ () C:\Program Files (x86)\Evernote\libxml2.dll

2016-03-25 15:36 - 2016-03-25 15:36 - 00321208 _____ () C:\Program Files (x86)\Evernote\libtidy.dll

2016-07-21 01:31 - 2016-07-21 01:31 - 00482304 _____ () C:\ProgramData\MEGAsync\libsodium.dll

2016-07-31 15:28 - 2016-07-31 15:28 - 00098816 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32api.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00110080 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\pywintypes27.dll

2016-07-31 15:28 - 2016-07-31 15:28 - 00364544 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\pythoncom27.dll

2016-07-31 15:28 - 2016-07-31 15:29 - 00320512 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32com.shell.shell.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00776704 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\_hashlib.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 01176576 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\wx._core_.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00806400 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\wx._gdi_.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00816128 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\wx._windows_.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 01067008 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\wx._controls_.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00733184 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\wx._misc_.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00682496 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\pysqlite2._sqlite.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00088064 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\_ctypes.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00119808 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32file.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00108544 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32security.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00007168 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\hashobjs_ext.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00017920 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\thumbnails_ext.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00088064 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\usb_ext.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00012288 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\common.time34.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00018432 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32event.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00167936 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32gui.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00046080 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\_socket.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 01208320 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\_ssl.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00128512 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\_elementtree.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00127488 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\pyexpat.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00038912 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32inet.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00036864 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\_psutil_windows.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00525208 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\windows._lib_cacheinvalidation.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00011264 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32crypt.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00077312 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\wx._html2.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00027136 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\_multiprocessing.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00020480 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\_yappi.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00035840 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32process.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00686080 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\unicodedata.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00078848 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\wx._animate.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00123392 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\wx._wizard.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00024064 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32pipe.pyd

2016-07-31 15:28 - 2016-07-31 15:28 - 00010240 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\select.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00025600 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32pdh.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00017408 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32profile.pyd

2016-07-31 15:29 - 2016-07-31 15:29 - 00022528 ____R () C:\Users\Paul\AppData\Local\Temp\_MEI84642\win32ts.pyd

2016-07-04 19:13 - 2016-07-04 19:16 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

2016-07-04 19:13 - 2016-07-04 19:18 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

2014-05-01 15:15 - 2016-07-21 01:34 - 00564224 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:C7A9BA7F [272]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\dell.com -> dell.com

IE trusted site: HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\eastdevonalliance.org.uk -> hxxp://www.eastdevonalliance.org.uk


 

There are 7898 more sites.

 

IE trusted site: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com

IE trusted site: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\eastdevonalliance.org.uk -> hxxp://www.eastdevonalliance.org.uk


 

There are 7898 more sites.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2016-05-11 08:38 - 00454589 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

127.0.0.1 lmlicenses.wip4.adobe.com

127.0.0.1 lm.licenses.adobe.com

127.0.0.1 activate.adobe.com

127.0.0.1 lm.licenses.adobe.com


 

There are 15591 more lines.

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 212.159.13.49 - 212.159.6.9

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe

FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe

FirewallRules: [{A60CA084-83CE-4CE3-B7CC-88C02576C7FA}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe

FirewallRules: [{1BC96840-8E15-4647-8BC1-21C8E6F119FE}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe

FirewallRules: [{7E7810C5-49B1-4B2C-AA0E-1E1109641E68}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{17C21E34-4A6F-46F3-8E77-5010B9D5B8D2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{4680B095-DC68-45EC-9B63-70EB9752AE84}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{570A24B0-24FC-4696-AB68-7C2F1E4145F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [UDP Query User{37340424-4A1C-47A6-88D9-DD6A459842AA}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe

FirewallRules: [TCP Query User{DEEBAFB7-F461-4BA6-9626-E934506E1A4A}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe

FirewallRules: [UDP Query User{715F50B9-B5B5-4073-AA72-291C97E176E1}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe

FirewallRules: [TCP Query User{AD8AEFEE-BA1C-4DC5-B84C-A8A39D956675}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe

FirewallRules: [{D0BD2EE2-AC26-4FAE-9BE1-A3D78286F763}] => (Allow) C:\Program Files (x86)\Shareaza\Shareaza.exe

FirewallRules: [{78E131A4-E738-4507-B616-3F0195940FDA}] => (Allow) C:\Program Files (x86)\Shareaza\Shareaza.exe

FirewallRules: [{48BE77FB-0F83-4FE1-8667-FB3035C7FC36}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\RpcAgentSrv.exe

FirewallRules: [UDP Query User{04294F04-86DA-4744-B1E3-7D1CFAFD7046}C:\program files (x86)\shareaza\shareaza.exe] => (Allow) C:\program files (x86)\shareaza\shareaza.exe

FirewallRules: [TCP Query User{6D9D78EB-00C5-430C-B54B-D51ECF53B751}C:\program files (x86)\shareaza\shareaza.exe] => (Allow) C:\program files (x86)\shareaza\shareaza.exe

FirewallRules: [{6474124A-E22F-40A7-8833-6B70C3C4EB99}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe

FirewallRules: [{E1908B5E-ED74-496B-B3DE-C65E3639831C}] => (Allow) LPort=1900

FirewallRules: [{B04BB6C3-D254-4041-934D-F1F40A09813E}] => (Allow) LPort=7900

FirewallRules: [{0F2FA0F8-8377-4B4B-8A10-AA20A05DC8F4}] => (Allow) LPort=24234

FirewallRules: [{069CCF71-CAAE-411A-8AFC-FE9F31A92E6B}] => (Allow) LPort=7679

FirewallRules: [{DE094E2C-94A4-4BC3-9037-B22E9BB205D2}] => (Allow) LPort=7676

FirewallRules: [{562D6A09-50B0-4A54-9763-E186A23A72F9}] => (Allow) LPort=8643

FirewallRules: [{BE89649E-F7BC-4986-A5D3-D9041101EF08}] => (Allow) LPort=8743

FirewallRules: [{51A01978-A6DA-48F4-AFF7-1FBA06D50ED3}] => (Allow) C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe

FirewallRules: [{DB422471-E5CD-431D-9AE5-6B87194B6C89}] => (Allow) C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe

FirewallRules: [{6FC70394-6EFF-46B1-9B16-D7FB54173E8D}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{2A8D4E56-1CB3-4557-88F6-62BE6D4C4F92}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{6684228C-961A-4237-8721-7F1835D11C61}] => (Allow) C:\Program Files (x86)\NetDrive\ndsvc.exe

FirewallRules: [{D0EBC1D4-E972-4CD4-8450-FB83734EB54B}] => (Allow) C:\Program Files (x86)\NetDrive\ndsvc.exe

FirewallRules: [{A17D86EA-4FA4-43DB-BCE9-3936D1CD21BC}] => (Allow) LPort=1900

FirewallRules: [{ACDCF0F1-D42F-4AEE-A25D-F8D8A8F88EF5}] => (Allow) LPort=2869

FirewallRules: [{50234BFF-8EE0-4DF5-8037-3D7427AA1202}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{997975A3-D719-40FF-9F7C-D1B20794D550}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{F68D6EA7-EC3C-4BAB-B6A2-080C889F4D36}] => (Allow) C:\Windows\system32\LMabcoms.exe

FirewallRules: [{214165DA-BFBF-4C4A-903B-AC36D165F13E}] => (Allow) C:\Program Files (x86)\NetDrive\ndsvc.exe

FirewallRules: [{C722893B-03F3-41E0-B263-E85D058F3A5C}] => (Allow) C:\Program Files (x86)\NetDrive\ndsvc.exe

FirewallRules: [{AD36A79B-FBB4-4044-BC03-D28892925768}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{0D38D67A-DD39-4F36-9D7B-EBDA55D4C1A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{F15D5D0E-F3F8-4FCA-8DB2-23A0FBB5F34B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{7EF6EE26-3116-440F-B75E-792C32559494}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{484B5484-07EC-4331-B529-8532C4DFD89E}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe

FirewallRules: [{DD818144-C765-4D8D-B3E5-BDAF993C2BC2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe

FirewallRules: [{9E6FF3D0-C079-45BE-AD24-BB239666489D}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

FirewallRules: [{BB56B817-74AC-48E5-A6C2-856302A31A44}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

FirewallRules: [{41BDE8A8-32F6-4100-A152-9CF12C950B5A}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

FirewallRules: [{D5971289-BC61-49CC-B7BB-8C84AB94AAEC}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

FirewallRules: [{AEAD19A2-5C53-4D22-AB8B-C6FECEDFB5C7}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe

FirewallRules: [{44F7ECC4-B826-4ED3-86CF-3CB9FDA11C92}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe

FirewallRules: [{761FF719-8D26-4961-9AF6-47834CAE75AB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe

FirewallRules: [{667A5AB0-ACD1-4E02-BCD9-2256A152D936}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe

FirewallRules: [{4A7186A0-9D9E-4611-9EFD-F20DA8C8802E}] => (Allow) C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe

FirewallRules: [{7E394231-10A1-4186-9EDF-2509FD93FD13}] => (Allow) C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe

FirewallRules: [{8C58B4D5-E4A4-4641-88FE-09D0B21FED3A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe

FirewallRules: [{B725F5AB-97E4-4434-AEBD-0AF0FED173D0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe

FirewallRules: [{F90B4FBB-B05C-4F4F-9A21-B58DD646A5B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{29BA949F-DDBF-49D2-817B-C1578F0C9EA3}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\WNt600x64\RpcSandraSrv.exe

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/31/2016 03:20:17 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )

Description: The following module failed to stop processing: Software Updates. Error: Operation failed.

 

Error: (07/31/2016 03:07:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: adwcleaner_5.201.exe, version: 5.2.0.1, time stamp: 0x57757889

Faulting module name: adwcleaner_5.201.exe, version: 5.2.0.1, time stamp: 0x57757889

Exception code: 0xc0000005

Fault offset: 0x0002151e

Faulting process ID: 0x70e0

Faulting application start time: 0xadwcleaner_5.201.exe0

Faulting application path: adwcleaner_5.201.exe1

Faulting module path: adwcleaner_5.201.exe2

Report ID: adwcleaner_5.201.exe3

Faulting package full name: adwcleaner_5.201.exe4

Faulting package-relative application ID: adwcleaner_5.201.exe5

 

Error: (07/31/2016 02:32:56 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "SRH,type="win32",version="1.0.0.0"1".

Dependent Assembly SRH,type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (07/31/2016 02:04:29 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: stvoy.exe, version: 0.0.0.0, time stamp: 0x39660360

Faulting module name: stvoy.exe, version: 0.0.0.0, time stamp: 0x39660360

Exception code: 0xc0000005

Fault offset: 0x0000e416

Faulting process ID: 0x6fb4

Faulting application start time: 0xstvoy.exe0

Faulting application path: stvoy.exe1

Faulting module path: stvoy.exe2

Report ID: stvoy.exe3

Faulting package full name: stvoy.exe4

Faulting package-relative application ID: stvoy.exe5

 

Error: (07/31/2016 02:03:29 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: stvoy.exe, version: 0.0.0.0, time stamp: 0x39660360

Faulting module name: stvoy.exe, version: 0.0.0.0, time stamp: 0x39660360

Exception code: 0xc0000005

Fault offset: 0x0000e416

Faulting process ID: 0x43f0

Faulting application start time: 0xstvoy.exe0

Faulting application path: stvoy.exe1

Faulting module path: stvoy.exe2

Report ID: stvoy.exe3

Faulting package full name: stvoy.exe4

Faulting package-relative application ID: stvoy.exe5

 

Error: (07/31/2016 02:00:30 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: stvoy.exe, version: 0.0.0.0, time stamp: 0x39660360

Faulting module name: stvoy.exe, version: 0.0.0.0, time stamp: 0x39660360

Exception code: 0xc0000005

Fault offset: 0x0000e412

Faulting process ID: 0x50b4

Faulting application start time: 0xstvoy.exe0

Faulting application path: stvoy.exe1

Faulting module path: stvoy.exe2

Report ID: stvoy.exe3

Faulting package full name: stvoy.exe4

Faulting package-relative application ID: stvoy.exe5

 

Error: (07/31/2016 01:11:45 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro":

V25.0U R10 (M=1066, L=335, C=249, V=0 (0))

 

Error: (07/31/2016 01:11:44 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro":

V25.0U R10 (M=1066, L=335, C=249, V=0 (0))

 

Error: (07/31/2016 01:11:22 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro":

Got unexpected error 5 in call to NetShareGetInfo for path \\HEX\Quickbooks 2015 Data\FCH\FairmileCatHotel.QBW

 

Error: (07/31/2016 01:11:16 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro":

Got unexpected error 5 in call to NetShareGetInfo for path \\HEX\Quickbooks 2015 Data\FCH\FairmileCatHotel.QBW

 

 

System errors:

=============

Error: (07/31/2016 03:25:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

 

Error: (07/31/2016 03:25:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The DymoPnpService service failed to start due to the following error: 

%%1053 = The service did not respond to the start or control request in a timely fashion.

 

 

Error: (07/31/2016 03:25:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the DymoPnpService service to connect.

 

Error: (07/31/2016 03:24:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 

%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

 

 

Error: (07/31/2016 03:24:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SecDrv service failed to start due to the following error: 

%%1275 = This driver has been blocked from loading

 

 

Error: (07/31/2016 03:24:55 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

 

Error: (07/31/2016 03:21:09 PM) (Source: volsnap) (EventID: 25) (User: )

Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

 

Error: (07/31/2016 03:20:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error: 

%%1069 = The service did not start due to a logon failure.

 

 

Error: (07/31/2016 03:20:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 

%%50 = The request is not supported.

 

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (07/31/2016 03:20:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Access_293dc6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

 

CodeIntegrity:

===================================

  Date: 2016-07-31 10:45:14.920

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-31 10:37:25.183

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-31 10:29:42.761

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-31 10:19:00.848

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-31 10:08:37.805

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-31 09:45:23.259

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-31 09:23:28.909

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-31 09:16:28.473

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-31 08:58:44.038

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-07-30 10:55:49.669

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD A6-4400M APU with Radeon™ HD Graphics 

Percentage of memory in use: 36%

Total physical RAM: 15846.36 MB

Available physical RAM: 10031.71 MB

Total Virtual: 17910.36 MB

Available Virtual: 10634.87 MB

 

==================== Drives ================================

 

Drive c: (Toshiba-C) (Fixed) (Total:192.43 GB) (Free:76.45 GB) NTFS

Drive d: (Toshiba-D) (Fixed) (Total:723.18 GB) (Free:245.09 GB) NTFS

Drive r: (ELITEFORCE) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

Drive t: (TempRamDisk) (Fixed) (Total:0.5 GB) (Free:0.47 GB) NTFS

Drive u: (ReadyBoost) (Removable) (Total:29.66 GB) (Free:0 GB) exFAT

Drive y: (NetDrive @ EDA) (Fixed) (Total:512 GB) (Free:512 GB) NDFS

Drive z: (NetDrive @ AES) (Fixed) (Total:512 GB) (Free:512 GB) NDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 2D3A7108)

Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=192.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15.6 GB) - (Type=17)

Partition 4: (Not Active) - (Size=723.2 GB) - (Type=OF Extended)

 

========================================================

Disk: 1 (Size: 29.7 GB) (Disk ID: 001BB037)

Partition 1: (Not Active) - (Size=29.7 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================



#8 Protopia


Posted 31 July 2016 - 11:29 AM

Prior to these I uninstalled a couple of Chrome extensions and some downloaded codecs, ran the AdwCleaner fixes, and then ran a CCleaner registry clean.

 

So I may have cleared the issue. I am happy to wait and see if I get any more ESET log messages for a bit so as not to waste your time - but if you want to cast a quick eye over the above and give any feedback that would be welcome.



#9 nasdaq

  • Malware Response Team

Posted 31 July 2016 - 01:35 PM

Nothing malicious left over. Just clean these items.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
AppInit_DLLs: prio.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-842475166-3683424370-3109751953-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Flash Video Downloader) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
Task: {0793DDB3-50B7-4D70-92AC-6D1E41038FD3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {0B7EBBCD-3DC0-4102-B640-532D6656F798} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {265346B7-0B08-4C48-8D81-34FE02B05EC8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {284F015F-1A9E-4FB0-BB84-86F99AB919D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3974CD9B-616D-46D2-AF97-EBCDADE98F3D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4C261A89-E9B2-489E-9693-A62958F016F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4E30B532-1737-45B1-9DEA-A8DF58F357FB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {752DCCF4-1195-44A6-A98B-0FC6259DB62A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {760A7686-5607-41EB-AB73-498BBC77BADC} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {B6A562FE-1105-4C6B-8627-76A6295FAEA3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7FA5557-6580-405D-B7DF-5E9F08D5F695} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D1BA2761-3D1C-44FA-925C-54E4642B6DF3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D5467E6E-B449-47B1-A56F-36B83EF88D68} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DAEDDCE4-6927-480B-BF54-6D01CA4BAA81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E2CA90C6-4929-445E-BD9C-4BE3679E59FD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F81F67D0-E161-4439-B04F-5AFBF84BE1FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C7A9BA7F [272]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#10 Protopia


Posted 31 July 2016 - 04:05 PM

Before I run this could you explain what you have found and why it needs fixing?



#11 nasdaq


Posted 01 August 2016 - 06:53 AM

Look at what the Attention remarks are saying.

#12 Protopia


Posted 21 August 2016 - 04:51 AM

I am still getting these messages from ESET so I am running the tools again and will post the results again.



#13 Protopia


Posted 21 August 2016 - 05:45 AM

ADW says "AdwCleaner found no threat on your computer".

Malwarebytes identified 0 threats.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016

Ran by Paul (administrator) on C850D (21-08-2016 10:48:48)

Running from C:\Temp\BleepingComputer

Loaded Profiles: Paul &  (Available Profiles: Paul & Administrator)

Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

() C:\Windows\System32\GFNEXSrv.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

( SolarWinds Inc) C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Bdrive Inc.) C:\Program Files (x86)\NetDrive\ndsvc.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(NeoSmart Technologies) C:\Program Files (x86)\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(SoftPerfect Research) C:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe

(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe

(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe

(ITSamples.com) C:\Program Files\NetworkIndicator\NetworkIndicator.exe

(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe

(Bdrive Inc.) C:\Program Files (x86)\NetDrive\netdrive.exe

( ) C:\Program Files\Lexmark\ErrorApp\lmab1err.exe

(Google Inc.) C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

(WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R) C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe

(Shareaza Development Team) C:\Program Files (x86)\Shareaza\Shareaza.exe

() C:\Program Files (x86)\qBittorrent\qbittorrent.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Limbo Software Solutions) C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe

(Limbo Software Solutions) C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe

(Intuit Limited.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe

(Pushbullet Inc) C:\Users\Paul\AppData\Local\Pushbullet\bin\pushbullet_client.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\EvernoteClipper.exe

(Pushbullet Inc) C:\Users\Paul\AppData\Local\Temp\pushbullet_watchdog.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

( ) C:\Windows\System32\lmabcoms.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Dropbox, Inc.) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe

() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

(Intuit Limited.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\HelpPane.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\AtBroker.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Microsoft Corporation) C:\Windows\System32\sethc.exe

(Microsoft Corporation) C:\Windows\System32\rdpclip.exe

(AMD) C:\Windows\System32\atieclxx.exe

(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)

HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)

HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [5850320 2015-02-04] (SoftPerfect Research)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [615144 2016-03-09] (Samsung Electronics Co.,Ltd)

HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-02] (Raptr, Inc)

HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)

HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY

HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [1080320 2015-07-09] (Creative Technology Ltd)

HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE

HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] => "C:\WINDOWS\is-BR76P.exe" /REG /REGSVRMODE

HKLM\...\Policies\Explorer: [NoThumbnailCache] 1

HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1

HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0

HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator\NetworkIndicator.exe [367616 2014-12-13] (ITSamples.com)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [NetDrive] => C:\Program Files (x86)\NetDrive\netdrive.exe [3587072 2013-02-25] (Bdrive Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-08-03] ( )

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Dropbox Update] => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Google Update] => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [MusicManager] => C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [GoogleContactSync] => C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe [2094592 2015-11-01] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [Shareaza] => C:\Program Files (x86)\Shareaza\Shareaza.exe [4988416 2015-10-04] (Shareaza Development Team)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15855104 2016-07-20] ()

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [DisableThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoPreviewPane] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [HideSCANetwork] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\Policies\Explorer: [HideSCAVolume] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\...\MountPoints2: {63f52434-4cfa-11e6-ba1e-4c72b96f3c36} - "E:\setup.exe" 

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator\NetworkIndicator.exe [367616 2014-12-13] (ITSamples.com)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetDrive] => C:\Program Files (x86)\NetDrive\netdrive.exe [3587072 2013-02-25] (Bdrive Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-08-03] ( )

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleContactSync] => C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe [2094592 2015-11-01] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Shareaza] => C:\Program Files (x86)\Shareaza\Shareaza.exe [4988416 2015-10-04] (Shareaza Development Team)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15855104 2016-07-20] ()

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoPreviewPane] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCANetwork] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAVolume] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {63f52434-4cfa-11e6-ba1e-4c72b96f3c36} - "E:\setup.exe" 

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator\NetworkIndicator.exe [367616 2014-12-13] (ITSamples.com)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetDrive] => C:\Program Files (x86)\NetDrive\netdrive.exe [3587072 2013-02-25] (Bdrive Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-08-03] ( )

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-25] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleContactSync] => C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe [2094592 2015-11-01] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Shareaza] => C:\Program Files (x86)\Shareaza\Shareaza.exe [4988416 2015-10-04] (Shareaza Development Team)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15855104 2016-07-20] ()

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableThumbnailCache] 1

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoPreviewPane] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWinkeys] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCANetwork] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAVolume] 0

HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {63f52434-4cfa-11e6-ba1e-4c72b96f3c36} - "E:\setup.exe" 

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.41.dll [2016-08-18] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.41.dll [2016-08-18] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.41.dll [2016-08-18] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.41.dll [2016-08-18] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.41.dll [2016-08-18] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.41.dll [2016-08-18] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.41.dll [2016-08-18] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.41.dll [2016-08-18] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-21] ()

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-21] ()

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-21] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-21] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-21] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-21] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activity Indicator 1-C.lnk [2015-03-13]

ShortcutTarget: Activity Indicator 1-C.lnk -> C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe (Limbo Software Solutions)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activity Indicator 2-D.lnk [2015-03-13]

ShortcutTarget: Activity Indicator 2-D.lnk -> C:\Program Files (x86)\Activity Indicator 1.1.4.29\Activity Indicator 1.1.4.29.exe (Limbo Software Solutions)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-07-04]

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-07-04]

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Limited.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-03-20]

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Task Manager.lnk [2015-03-13]

ShortcutTarget: Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation)

Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-19]

ShortcutTarget: Dropbox.lnk -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-12-15]

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-06-28]

ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)

GroupPolicyScripts: Restriction <======= ATTENTION

GroupPolicyScripts\User: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 212.159.6.10 8.8.4.4

Tcpip\..\Interfaces\{a52f1c01-1082-4fca-8ad5-301eef2e9aad}: [NameServer] 212.159.13.49,212.159.6.9,212.159.13.50,212.159.6.10,8.8.8.8,8.8.4.4,209.244.0.3,209.244.0.4,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20

Tcpip\..\Interfaces\{a52f1c01-1082-4fca-8ad5-301eef2e9aad}: [DhcpNameServer] 212.159.6.10 8.8.4.4

Tcpip\..\Interfaces\{e0fa1de7-b27d-4089-ab33-8682cd7e2866}: [DhcpNameServer] 192.168.0.1

 

Internet Explorer:

==================

HKU\S-1-5-21-842475166-3683424370-3109751953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

SearchScopes: HKU\S-1-5-21-842475166-3683424370-3109751953-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\EvernoteIE.dll [2016-03-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)

IE Session Restore: HKU\S-1-5-21-842475166-3683424370-3109751953-1000 -> is enabled.

IE Session Restore: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled.

IE Session Restore: HKU\S-1-5-21-842475166-3683424370-3109751953-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled.

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1438848534630

Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2016-06-23] (Intuit, Inc.)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

 

FireFox:

========

FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925

FF Session Restore: -> is enabled.

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()

FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()

FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2015-12-21] ( Sanford L.P.)

FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

FF Plugin HKU\S-1-5-21-842475166-3683424370-3109751953-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin HKU\S-1-5-21-842475166-3683424370-3109751953-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Extension: EPUBReader - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-17]

FF Extension: Illuminations for Developers - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\sroussey@illumination-for-developers.com.xpi [2016-02-17]

FF Extension: Console² - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi [2016-04-28]

FF Extension: CodeBurner for Firebug - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\firebug@tools.sitepoint.com.xpi [2016-04-28]

FF Extension: CSS Reloader - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\cssreloader@kenneth.io.xpi [2016-04-28]

FF Extension: CSS Usage - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\csscoverage@spaghetticoder.org.xpi [2016-04-28]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28]

FF Extension: Disconnect - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\2.0@disconnect.me.xpi [2016-04-28]

FF Extension: BetterPrivacy - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-07-25]

FF Extension: Tab Mix Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-07-25]

FF Extension: ImTranslator - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2016-08-06]

FF Extension: ColorfulTabs - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-08-06]

FF Extension: NoScript - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-14]

FF Extension: SYSTRAN - Translator and Dictionary - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\@firefox-addons-translation.xpi [2016-06-27]

FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\elemhidehelper@adblockplus.org.xpi [2016-08-04]

FF Extension: Firebug - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\firebug@software.joehewitt.com.xpi [2016-06-27]

FF Extension: FireStorage Plus! - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\firestorageplus@nickbelhomme.com.xpi [2016-04-28]

FF Extension: English (GB) Language Pack - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2016-08-06]

FF Extension: British English Dictionary (Marco Pinto) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\marcoagpinto@mail.telepac.pt [2016-08-04]

FF Extension: Prevent Tab Overflow - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\noverflow@sdrocking.com.xpi [2016-04-28]

FF Extension: Session Manager - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-19]

FF Extension: Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\abdud9j6.default-1447716105925\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]

FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-18]

 

Chrome: 

=======

CHR HomePage: Default -> about:blank

CHR DefaultSearchKeyword: Default -> t

CHR Session Restore: Default -> is enabled.

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)

CHR Plugin: (Shockwave Flash) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll ()

CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Translate) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-06-19]

CHR Extension: (Google Slides) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]

CHR Extension: (Flash Video Downloader) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-08-17]

CHR Extension: (TooManyTabs for Chrome) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2016-08-02]

CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]

CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-19]

CHR Extension: (Browse Queue) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjemfcjhjmbbamfdoimecdchmmmofhb [2016-06-19]

CHR Extension: (Sexy Undo Close Tab) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2016-08-06]

CHR Extension: (Web Developer) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-07-22]

CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]

CHR Extension: (OneTab) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-18]

CHR Extension: (uBlock Origin) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-11]

CHR Extension: (PHP Ninja Manual) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbhjjdhmgeibgdccjfoliooccomjcab [2016-06-19]

CHR Extension: (Tab Manager) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda [2016-07-22]

CHR Extension: (imgInfo) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppcfjomiccbijjegfcplbgcdjbhkdch [2016-06-18]

CHR Extension: (Simple Dictation) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\diondlbenfmpcapnbegmodfdgmnnpgln [2016-06-19]

CHR Extension: (Tab Remover for iGoogle Chrome) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlibebadhejgpjggjfijjgnomljihpeb [2016-06-19]

CHR Extension: (Clacks Tracker - GNU Terry Pratchett) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\doejbfelimoioogdhmkbembmbjcciepk [2016-06-19]

CHR Extension: (XV — XML Viewer) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocglpgjdpaefaedpblffpeebgmgddk [2016-06-18]

CHR Extension: (Adobe Acrobat) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-06-20]

CHR Extension: (ARC Welder) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2016-08-02]

CHR Extension: (Google Sheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]

CHR Extension: (SYSTRAN - Translator and Dictionary) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbpijldifkdlmfiadjhoekaenlabngob [2016-08-06]

CHR Extension: (HTTPS Everywhere) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-07-22]

CHR Extension: (Google Docs Offline) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-20]

CHR Extension: (AdBlock) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-31]

CHR Extension: (Google Tasks Panel) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjdflobmjpeohnoefalpjeocgpdeffo [2016-06-19]

CHR Extension: (TinEye Reverse Image Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-06-19]

CHR Extension: (Protect My Choices) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2016-07-22]

CHR Extension: (Music Player for Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2016-06-18]

CHR Extension: (Referer Control) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2016-06-19]

CHR Extension: (Appspector) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2016-06-19]

CHR Extension: (Web Developer Checklist) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahamcpedabephpcgkeikbclmaljebjp [2016-06-19]

CHR Extension: (Search the current site) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp [2016-07-02]

CHR Extension: (Speed Dial 2) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-19]

CHR Extension: (Cookie Manager) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck [2016-06-19]

CHR Extension: (Autodesk Homestyler) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-08-17]

CHR Extension: (Window Resizer) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2016-06-19]

CHR Extension: (The Great Suspender) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-06-18]

CHR Extension: (The Secret of Grisly Manor) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpaadcbfeeiehmjlfbgpafdjbeikhgff [2016-06-18]

CHR Extension: (Evernote Web) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-06-18]

CHR Extension: (gLinks) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\leanhbopikglhiejeckmchmobphcpphm [2016-06-18]

CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2016-06-18]

CHR Extension: (Lazarus: Form Recovery) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2016-06-19]

CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-08-02]

CHR Extension: (Session Manager) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2016-06-18]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-06-19]

CHR Extension: (PHP Docs-to-go) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlilmganaobieaclflbciblffhaagnip [2016-06-18]

CHR Extension: (Ghostery) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-06-19]

CHR Extension: (Google Play Books) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-06-18]

CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2016-06-19]

CHR Extension: (TabCloud) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2016-06-23]

CHR Extension: (Better History) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-06-18]

CHR Extension: (Print Friendly & PDF) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2016-08-02]

CHR Extension: (CSS Viewer) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\omofllbfhlganmbmnnkneakndffbgkci [2016-06-19]

CHR Extension: (SpeakIt!) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2016-06-19]

CHR Extension: (Evernote Web Clipper) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-02]

CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]

CHR Extension: (Chrome Media Router) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]

CHR Extension: (RSS Feed Reader) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-07-03]

CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Paul\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-18]

CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Paul\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-18]

CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159832 2016-08-12] (Adobe Systems, Incorporated)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)

S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33520 2015-12-21] (Sanford, L.P.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-07-08] (ESET)

R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)

R2 Kiwi Syslog Server; C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server\Syslogd_Service.exe [9867264 2015-09-23] ( SolarWinds Inc) [File not signed]

R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]

R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)

S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)

R2 ndsvc; C:\Program Files (x86)\NetDrive\ndsvc.exe [2789376 2013-02-25] (Bdrive Inc.) [File not signed]

S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-06-23] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [623848 2016-03-09] (Samsung Electronics Co.,Ltd)

S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\RpcAgentSrv.exe [73200 2015-07-06] (SiSoftware) [File not signed]

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)

R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)

R2 ToolTipFixer; C:\Program Files (x86)\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [61952 2008-10-14] (NeoSmart Technologies) [File not signed]

R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2016-04-26] (Advanced Micro Devices)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-07-08] (ESET)

R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2016-07-08] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-07-08] (ESET)

R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-02-02] (ESET)

R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-07-08] (ESET)

R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-07-08] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-07-08] (ESET)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()

S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-21] (Malwarebytes)

R3 ndfs; C:\Program Files (x86)\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.)

R3 NETGEARUHOST; C:\Windows\System32\drivers\NETGEARUHOST.sys [16384 2007-03-08] (SerComm)

R3 NETGEARUHUB; C:\Windows\System32\drivers\NETGEARUHUB.sys [40960 2007-03-08] (SerComm)

R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )

U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [777944 2016-01-13] (Realsil Semiconductor Corporation)

S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)

R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )

S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2b\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)

S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11616 2000-08-23] () [File not signed]

R1 SPVDPort; C:\Windows\System32\drivers\spvdbus.sys [92152 2014-09-04] ()

R1 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [340984 2014-09-04] ()

S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)

R3 UBQBTUSB; C:\Windows\System32\Drivers\UBQBTUSB.sys [45360 2015-10-07] (Canon i-tech, Inc.)

R1 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [119712 2016-07-18] (Oracle Corporation)

R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192864 2016-07-18] (Oracle Corporation)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

S3 dcdbas; \SystemRoot\System32\drivers\dcdbas64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-08-19 13:08 - 2016-08-19 13:15 - 00003634 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask

2016-08-19 05:20 - 2016-08-19 05:20 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2016-08-17 22:18 - 2016-08-17 22:18 - 00000000 ___HD C:\$Windows.~WS

2016-08-16 09:53 - 2016-08-16 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2016-08-14 22:03 - 2016-08-15 13:02 - 00000000 ____D C:\ESD

2016-08-14 22:02 - 2016-08-17 22:28 - 00000000 ____D C:\WINDOWS\Panther

2016-08-14 22:02 - 2016-08-14 22:02 - 00000000 ____D C:\$WINDOWS.~BT

2016-08-14 15:50 - 2000-05-11 01:00 - 00090112 ____N (Creative Technology Ltd.) C:\WINDOWS\Updreg.EXE

2016-08-14 15:49 - 2016-08-14 15:49 - 00000159 ___RH C:\WINDOWS\ctfile.rfc

2016-08-14 15:49 - 2016-08-14 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative

2016-08-14 15:49 - 2016-08-14 15:49 - 00000000 ____D C:\ProgramData\Creative

2016-08-14 15:49 - 2016-08-14 15:49 - 00000000 ____D C:\Program Files (x86)\Creative

2016-08-14 15:49 - 2015-07-31 17:34 - 00089600 _____ C:\WINDOWS\system32\CmdRtr64.DLL

2016-08-14 15:49 - 2015-07-31 17:33 - 00366080 _____ C:\WINDOWS\system32\APOMgr64.DLL

2016-08-14 15:49 - 2015-07-31 17:33 - 00074240 _____ C:\WINDOWS\SysWOW64\CmdRtr.DLL

2016-08-14 15:49 - 2015-07-31 17:32 - 00274944 _____ C:\WINDOWS\SysWOW64\APOMngr.DLL

2016-08-14 15:49 - 2015-05-22 10:41 - 00378824 ____N (Creative Technology Ltd.) C:\WINDOWS\system32\ChezSC64.DLL

2016-08-14 15:49 - 2015-05-22 10:41 - 00329672 ____N (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\ChezSC32.DLL

2016-08-14 15:49 - 2015-05-05 13:45 - 01898496 ____N (Creative) C:\WINDOWS\system32\Sens_oal.dll

2016-08-14 15:49 - 2015-05-05 13:41 - 01609728 ____N (Creative) C:\WINDOWS\SysWOW64\Sens_oal.dll

2016-08-14 15:49 - 2015-05-04 10:05 - 00020697 ____N C:\WINDOWS\SysWOW64\MBCfg32.ini

2016-08-14 15:49 - 2015-05-04 10:05 - 00020697 ____N C:\WINDOWS\system32\MBCfg64.ini

2016-08-14 15:49 - 2015-05-04 10:05 - 00006968 ____N C:\WINDOWS\SysWOW64\MBCfgUninstall32.ini

2016-08-14 15:49 - 2015-05-04 10:05 - 00006968 ____N C:\WINDOWS\system32\MBCfgUninstall64.ini

2016-08-14 15:49 - 2015-05-04 10:05 - 00004914 ____N C:\WINDOWS\MBCfg_SP_APOIM.ini

2016-08-14 15:49 - 2015-05-04 10:05 - 00004862 ____N C:\WINDOWS\MBCfg_APOIM.ini

2016-08-14 15:49 - 2015-05-04 10:05 - 00004821 ____N C:\WINDOWS\MBCfg_HP_APOIM.ini

2016-08-14 15:49 - 2015-05-04 10:05 - 00001165 ____N C:\WINDOWS\MBCfg_Capture_APOIM.ini

2016-08-14 15:49 - 2014-02-21 10:57 - 00041088 ____N (Creative Technology Ltd.) C:\WINDOWS\system32\MBCfg64.dll

2016-08-14 15:49 - 2014-02-21 10:57 - 00038016 ____N (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBCfg32.dll

2016-08-14 15:49 - 2013-04-23 10:54 - 00148096 ____N (Creative Technology Ltd.) C:\WINDOWS\system32\MBCfg64.exe

2016-08-14 15:49 - 2013-04-23 10:53 - 00138880 ____N (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBCfg32.exe

2016-08-14 15:49 - 2013-04-23 10:53 - 00015488 ____N (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\ResDefA.exe

2016-08-14 12:37 - 2016-08-14 12:37 - 01246720 _____ C:\WINDOWS\is-BR76P.exe

2016-08-14 12:37 - 2016-08-14 12:37 - 00022357 _____ C:\WINDOWS\is-BR76P.msg

2016-08-14 12:37 - 2016-08-14 12:37 - 00001120 _____ C:\WINDOWS\is-BR76P.lst

2016-08-14 12:37 - 2012-07-06 20:03 - 00617816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\is-CTDBM.tmp

2016-08-14 12:37 - 2010-02-16 14:22 - 00443488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshflxgd.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00415552 _____ (Microsoft Corporation ) C:\WINDOWS\SysWOW64\comct332.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatgrd.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00252240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatlst.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00222528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dblist32.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00215880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mci32.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00178512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmask32.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00170080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comct232.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstdfmt.dll

2016-08-14 12:37 - 2010-02-16 14:22 - 00126800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\is-LJAFD.tmp

2016-08-14 12:37 - 2010-02-16 14:22 - 00119616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomm32.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\picclp32.ocx

2016-08-14 12:37 - 2010-02-16 14:22 - 00080208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysinfo.ocx

2016-08-14 12:37 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70ita.dll

2016-08-14 12:37 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70fra.dll

2016-08-14 12:37 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70esp.dll

2016-08-14 12:37 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70deu.dll

2016-08-14 12:37 - 2006-08-26 00:15 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70enu.dll

2016-08-14 12:37 - 2006-08-26 00:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70kor.dll

2016-08-14 12:37 - 2006-08-26 00:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70jpn.dll

2016-08-14 12:37 - 2006-08-26 00:15 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70cht.dll

2016-08-14 12:37 - 2006-08-26 00:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70chs.dll

2016-08-14 12:37 - 2006-08-25 23:17 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl70.dll

2016-08-14 12:37 - 2006-04-10 13:41 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl32.ocx

2016-08-14 12:37 - 2005-01-20 19:25 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvci70.dll

2016-08-14 12:37 - 2001-08-23 00:00 - 01355776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvbvm50.dll

2016-08-14 12:37 - 1996-01-12 03:00 - 00722192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vb40032.dll

2016-08-14 12:37 - 1993-07-23 19:31 - 00210944 _____ C:\WINDOWS\SysWOW64\msvcrt10.dll

2016-08-12 22:25 - 2016-08-12 22:25 - 00000000 ____D C:\ProgramData\Dell

2016-08-12 14:35 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll

2016-08-12 14:35 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll

2016-08-12 14:35 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll

2016-08-12 14:35 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll

2016-08-12 14:35 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll

2016-08-12 14:35 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll

2016-08-12 14:35 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll

2016-08-12 14:35 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll

2016-08-12 14:35 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll

2016-08-12 14:35 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll

2016-08-12 14:35 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll

2016-08-12 14:35 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll

2016-08-12 14:35 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll

2016-08-12 14:35 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll

2016-08-12 14:35 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll

2016-08-12 14:35 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll

2016-08-12 14:35 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll

2016-08-12 14:35 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll

2016-08-12 14:35 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll

2016-08-12 14:35 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll

2016-08-12 14:35 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll

2016-08-12 14:35 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll

2016-08-12 14:35 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll

2016-08-12 14:35 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll

2016-08-12 14:35 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll

2016-08-12 14:35 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll

2016-08-12 14:35 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll

2016-08-12 14:35 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll

2016-08-12 14:35 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll

2016-08-12 14:35 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll

2016-08-12 14:35 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll

2016-08-12 14:35 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll

2016-08-12 14:35 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll

2016-08-12 14:35 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll

2016-08-12 14:35 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll

2016-08-12 14:35 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll

2016-08-12 14:35 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll

2016-08-12 14:35 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll

2016-08-12 14:35 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll

2016-08-12 14:35 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll

2016-08-12 14:35 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll

2016-08-12 14:35 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll

2016-08-12 14:35 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll

2016-08-12 14:35 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll

2016-08-12 14:35 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll

2016-08-12 14:35 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll

2016-08-12 14:35 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll

2016-08-12 14:35 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll

2016-08-12 14:35 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll

2016-08-12 14:35 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll

2016-08-12 14:35 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll

2016-08-12 14:35 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll

2016-08-12 14:35 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll

2016-08-12 14:35 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll

2016-08-12 14:34 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll

2016-08-12 14:34 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll

2016-08-12 14:34 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll

2016-08-12 14:34 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll

2016-08-12 14:34 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll

2016-08-12 14:34 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll

2016-08-12 14:34 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll

2016-08-12 14:34 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll

2016-08-12 14:34 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll

2016-08-12 14:34 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll

2016-08-12 14:34 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll

2016-08-12 14:34 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll

2016-08-12 14:34 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll

2016-08-12 14:34 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll

2016-08-12 14:34 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll

2016-08-12 14:34 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll

2016-08-12 14:34 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll

2016-08-12 14:34 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll

2016-08-12 14:34 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll

2016-08-12 14:34 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll

2016-08-12 14:34 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll

2016-08-12 14:34 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll

2016-08-12 14:34 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll

2016-08-12 14:34 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll

2016-08-12 14:34 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll

2016-08-12 14:34 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll

2016-08-12 14:34 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll

2016-08-12 14:34 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll

2016-08-12 14:34 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll

2016-08-12 14:34 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll

2016-08-12 14:34 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll

2016-08-12 14:34 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll

2016-08-12 14:34 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll

2016-08-12 14:34 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll

2016-08-12 14:34 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll

2016-08-12 14:34 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll

2016-08-12 14:34 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll

2016-08-12 14:34 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll

2016-08-12 14:34 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll

2016-08-12 14:34 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll

2016-08-12 14:34 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll

2016-08-12 14:34 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll

2016-08-12 14:34 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll

2016-08-12 14:34 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll

2016-08-12 14:34 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll

2016-08-12 14:34 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll

2016-08-12 14:34 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll

2016-08-12 14:34 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll

2016-08-12 14:34 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll

2016-08-12 14:34 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll

2016-08-12 14:34 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll

2016-08-12 14:34 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll

2016-08-12 14:34 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll

2016-08-12 14:34 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll

2016-08-12 14:34 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll

2016-08-12 14:34 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll

2016-08-12 14:34 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll

2016-08-12 14:34 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll

2016-08-12 14:34 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll

2016-08-12 14:34 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll

2016-08-11 19:52 - 2016-08-11 19:52 - 00000233 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Splinter Cell.url

2016-08-11 19:48 - 2016-08-11 19:48 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft

2016-08-11 19:48 - 2016-08-11 19:48 - 00000000 ____D C:\Users\Paul\AppData\Local\Ubisoft Game Launcher

2016-08-11 19:47 - 2016-08-11 19:52 - 00000000 ____D C:\Program Files (x86)\Ubisoft

2016-08-10 14:30 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2016-08-10 14:30 - 2016-08-03 11:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2016-08-10 14:30 - 2016-08-03 11:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-08-10 14:30 - 2016-08-03 11:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2016-08-10 14:30 - 2016-08-03 10:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2016-08-10 14:30 - 2016-08-03 10:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2016-08-10 14:30 - 2016-08-03 10:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2016-08-10 14:30 - 2016-08-03 10:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe

2016-08-10 14:30 - 2016-08-03 10:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll

2016-08-10 14:30 - 2016-08-03 10:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2016-08-10 14:30 - 2016-08-03 10:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2016-08-10 14:30 - 2016-08-03 10:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-08-10 14:30 - 2016-08-03 10:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2016-08-10 14:30 - 2016-08-03 10:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2016-08-10 14:30 - 2016-08-03 06:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll

2016-08-10 14:30 - 2016-08-03 06:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-08-10 14:30 - 2016-08-03 06:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-08-10 14:30 - 2016-08-03 05:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll

2016-08-10 14:30 - 2016-08-03 05:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll

2016-08-10 14:30 - 2016-08-03 05:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2016-08-10 14:30 - 2016-08-03 05:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2016-08-10 14:30 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

2016-08-10 14:29 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2016-08-10 14:29 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2016-08-10 14:29 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2016-08-10 14:29 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-08-10 14:29 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2016-08-10 14:29 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll

2016-08-10 14:29 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2016-08-10 14:29 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-08-10 14:29 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-08-10 14:29 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2016-08-10 14:29 - 2016-08-03 11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2016-08-10 14:29 - 2016-08-03 11:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2016-08-10 14:29 - 2016-08-03 11:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll

2016-08-10 14:29 - 2016-08-03 11:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-08-10 14:29 - 2016-08-03 11:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-08-10 14:29 - 2016-08-03 11:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe

2016-08-10 14:29 - 2016-08-03 11:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2016-08-10 14:29 - 2016-08-03 11:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll

2016-08-10 14:29 - 2016-08-03 11:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2016-08-10 14:29 - 2016-08-03 11:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2016-08-10 14:29 - 2016-08-03 11:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2016-08-10 14:29 - 2016-08-03 11:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys

2016-08-10 14:29 - 2016-08-03 10:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe

2016-08-10 14:29 - 2016-08-03 10:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-08-10 14:29 - 2016-08-03 10:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll

2016-08-10 14:29 - 2016-08-03 10:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2016-08-10 14:29 - 2016-08-03 10:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2016-08-10 14:29 - 2016-08-03 10:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll

2016-08-10 14:29 - 2016-08-03 10:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll

2016-08-10 14:29 - 2016-08-03 10:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll

2016-08-10 14:29 - 2016-08-03 10:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll

2016-08-10 14:29 - 2016-08-03 10:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll

2016-08-10 14:29 - 2016-08-03 10:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll

2016-08-10 14:29 - 2016-08-03 10:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll

2016-08-10 14:29 - 2016-08-03 10:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2016-08-10 14:29 - 2016-08-03 10:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2016-08-10 14:29 - 2016-08-03 10:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll

2016-08-10 14:29 - 2016-08-03 10:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2016-08-10 14:29 - 2016-08-03 10:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-08-10 14:29 - 2016-08-03 10:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2016-08-10 14:29 - 2016-08-03 10:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-08-10 14:29 - 2016-08-03 10:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll

2016-08-10 14:29 - 2016-08-03 10:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2016-08-10 14:29 - 2016-08-03 10:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll

2016-08-10 14:29 - 2016-08-03 10:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2016-08-10 14:29 - 2016-08-03 10:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2016-08-10 14:29 - 2016-08-03 10:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll

2016-08-10 14:29 - 2016-08-03 10:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-08-10 14:29 - 2016-08-03 10:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2016-08-10 14:29 - 2016-08-03 10:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2016-08-10 14:29 - 2016-08-03 10:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe

2016-08-10 14:29 - 2016-08-03 10:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-08-10 14:29 - 2016-08-03 10:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2016-08-10 14:29 - 2016-08-03 10:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-08-10 14:29 - 2016-08-03 10:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2016-08-10 14:29 - 2016-08-03 10:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2016-08-10 14:29 - 2016-08-03 10:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2016-08-10 14:29 - 2016-08-03 10:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2016-08-10 14:29 - 2016-08-03 10:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2016-08-10 14:29 - 2016-08-03 10:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2016-08-10 14:29 - 2016-08-03 10:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-08-10 14:29 - 2016-08-03 10:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-08-10 14:29 - 2016-08-03 10:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-08-10 14:29 - 2016-08-03 10:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-08-10 14:29 - 2016-08-03 10:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-08-10 14:29 - 2016-08-03 10:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-08-10 14:29 - 2016-08-03 10:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-08-10 14:29 - 2016-08-03 10:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-08-10 14:29 - 2016-08-03 10:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2016-08-10 14:29 - 2016-08-03 10:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-08-10 14:29 - 2016-08-03 10:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-08-10 14:29 - 2016-08-03 10:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll

2016-08-10 14:29 - 2016-08-03 06:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll

2016-08-10 14:29 - 2016-08-03 06:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-08-10 14:29 - 2016-08-03 06:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2016-08-10 14:29 - 2016-08-03 06:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2016-08-10 14:29 - 2016-08-03 06:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2016-08-10 14:29 - 2016-08-03 06:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2016-08-10 14:29 - 2016-08-03 06:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe

2016-08-10 14:29 - 2016-08-03 05:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe

2016-08-10 14:29 - 2016-08-03 05:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll

2016-08-10 14:29 - 2016-08-03 05:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2016-08-10 14:29 - 2016-08-03 05:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll

2016-08-10 14:29 - 2016-08-03 05:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll

2016-08-10 14:29 - 2016-08-03 05:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-08-10 14:29 - 2016-08-03 05:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2016-08-10 14:29 - 2016-08-03 05:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2016-08-10 14:29 - 2016-08-03 05:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

2016-08-10 14:29 - 2016-08-03 05:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe

2016-08-10 14:29 - 2016-08-03 05:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2016-08-10 14:29 - 2016-08-03 05:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll

2016-08-10 14:29 - 2016-08-03 05:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-08-10 14:29 - 2016-08-03 05:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2016-08-10 14:29 - 2016-08-03 05:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2016-08-10 14:29 - 2016-08-03 05:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2016-08-10 14:29 - 2016-08-03 05:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2016-08-10 14:29 - 2016-08-03 05:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll

2016-08-10 14:29 - 2016-08-03 05:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2016-08-10 14:29 - 2016-08-03 05:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2016-08-10 14:29 - 2016-08-03 05:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-08-10 14:29 - 2016-08-03 05:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-08-10 14:29 - 2016-08-03 05:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2016-08-10 14:29 - 2016-08-03 05:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-08-10 14:29 - 2016-08-03 05:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-08-10 14:29 - 2016-08-03 05:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-08-10 14:29 - 2016-08-03 05:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-08-10 14:29 - 2016-08-03 05:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2016-08-06 10:40 - 2016-08-11 14:20 - 00000000 ____D C:\Program Files\Mozilla Firefox

2016-08-05 12:11 - 2016-08-05 12:11 - 00000000 ____D C:\Users\Paul\AppData\Roaming\PlaysTV

2016-08-05 12:10 - 2016-08-05 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr

2016-08-05 11:28 - 2016-06-23 19:22 - 00264992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll

2016-08-05 11:28 - 2016-06-23 19:21 - 00257824 _____ C:\WINDOWS\system32\vulkan-1.dll

2016-08-05 11:28 - 2016-06-23 19:21 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe

2016-08-05 11:28 - 2016-06-23 19:20 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe

2016-08-05 11:27 - 2016-08-05 11:27 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2016-08-05 11:23 - 2015-12-18 03:28 - 00056352 _____ (Advanced Micro Devices, Inc) C:\WINDOWS\system32\Drivers\SETDBC5.tmp

2016-08-05 11:00 - 2016-08-05 11:00 - 00000000 ____D C:\AMD

2016-08-05 09:09 - 2016-08-05 09:09 - 00000000 ____D C:\Upload

2016-08-05 09:09 - 2016-08-05 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2016-08-03 16:10 - 2016-08-03 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekford Solutions Inc

2016-08-03 16:10 - 2016-08-03 16:10 - 00000000 ____D C:\Program Files (x86)\Seekford Solutions Inc

2016-08-03 09:57 - 2016-08-03 09:57 - 00001290 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings.lnk

2016-08-03 09:56 - 2016-08-03 09:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-08-02 12:54 - 2016-08-02 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2016-08-01 16:59 - 2016-08-01 16:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\HardDiskSentinel

2016-08-01 14:47 - 2016-08-01 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Phone

2016-08-01 14:35 - 2016-08-01 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chat

2016-08-01 12:56 - 2016-08-01 13:03 - 00000731 _____ C:\WINDOWS\EF2.INI

2016-08-01 12:54 - 2016-08-01 12:54 - 00000000 ____D C:\Program Files (x86)\AnyToISO

2016-07-31 23:59 - 2016-07-31 23:59 - 00000000 ____D C:\Users\Paul\AppData\Roaming\RPGXEF

2016-07-31 22:35 - 2016-08-01 14:15 - 00000000 ____D C:\Program Files (x86)\Raven

2016-07-31 15:32 - 2016-08-21 10:49 - 00000000 ____D C:\AdwCleaner

2016-07-31 15:32 - 2016-08-21 10:48 - 00000000 ____D C:\FRST

2016-07-31 13:59 - 2016-07-31 13:59 - 00000640 _____ C:\WINDOWS\efxp.INI

2016-07-31 09:59 - 2016-07-31 23:56 - 00060809 _____ C:\WINDOWS\SysWOW64\nglide_uninst.exe

2016-07-27 10:22 - 2016-07-27 10:24 - 00000000 ____D C:\Program Files (x86)\Doom 3 - Copy

2016-07-26 19:59 - 2016-07-27 16:54 - 00000000 ____D C:\Program Files (x86)\Doom 3

2016-07-26 19:22 - 2016-08-14 15:49 - 00466520 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll

2016-07-26 19:22 - 2016-08-14 15:49 - 00445016 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll

2016-07-26 19:22 - 2016-08-14 15:49 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll

2016-07-26 19:22 - 2016-08-14 15:49 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll

2016-07-26 19:22 - 2016-07-26 19:22 - 00000000 ____D C:\Program Files (x86)\OpenAL

2016-07-26 18:36 - 2000-08-23 20:12 - 00011616 ____R C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS

2016-07-26 18:11 - 2016-07-26 18:11 - 00000343 _____ C:\WINDOWS\doom3.ini

2016-07-26 17:12 - 2016-07-26 19:19 - 00000000 ____D C:\Program Files (x86)\Doom 3.Pucka

2016-07-26 15:52 - 2016-07-26 15:52 - 00000218 _____ C:\Users\Paul\AppData\Local\recently-used.xbel

2016-07-26 15:46 - 2016-07-26 15:52 - 00000000 ____D C:\Users\Paul\.zenmap

2016-07-26 09:49 - 2016-07-26 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClockworkMod

2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Program Files (x86)\ClockworkMod

2016-07-26 09:44 - 2016-07-26 09:43 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll

2016-07-25 23:12 - 2016-07-25 23:12 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-08-21 10:50 - 2015-07-25 07:19 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000UA.job

2016-08-21 10:47 - 2016-05-27 22:27 - 00000000 ____D C:\Users\Paul\AppData\Roaming\qBittorrent

2016-08-21 10:45 - 2016-04-29 08:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-08-21 10:45 - 2016-02-03 12:28 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-08-21 10:43 - 2015-03-14 10:32 - 00000000 ____D C:\Temp

2016-08-21 10:34 - 2015-03-19 17:57 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype

2016-08-21 10:27 - 2015-05-15 12:16 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000UA.job

2016-08-21 09:52 - 2015-03-28 15:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-08-21 09:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-08-21 09:24 - 2016-07-04 08:46 - 00000000 ____D C:\Users\Paul\AppData\Local\Packages

2016-08-21 09:23 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-08-21 06:30 - 2015-04-01 11:26 - 00000340 _____ C:\WINDOWS\Tasks\Shareaza.0002.job

2016-08-21 01:50 - 2016-02-03 02:12 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000Core.job

2016-08-20 23:00 - 2015-04-01 11:25 - 00000344 _____ C:\WINDOWS\Tasks\Shareaza.0001.job

2016-08-20 22:45 - 2016-02-03 12:27 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-08-20 22:17 - 2015-03-25 17:20 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B55C7C35-5B37-4BA8-B0AD-500EDA340F1D}

2016-08-20 21:30 - 2015-03-25 22:30 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Cvtwin

2016-08-20 21:27 - 2015-05-15 12:16 - 00000862 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000Core.job

2016-08-20 16:18 - 2015-03-20 10:05 - 00000000 ____D C:\Users\Paul\AppData\LocalLow\Adblock Plus for IE

2016-08-20 15:30 - 2015-07-09 10:24 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

2016-08-19 23:44 - 2015-03-27 19:53 - 00000320 _____ C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job

2016-08-19 22:30 - 2015-03-27 19:55 - 00000324 _____ C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job

2016-08-19 13:10 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration

2016-08-19 10:14 - 2015-06-28 10:35 - 00000000 ____D C:\ProgramData\MEGAsync

2016-08-19 05:22 - 2015-03-21 20:33 - 00000000 ___RD C:\Users\Paul\Dropbox

2016-08-19 05:21 - 2015-03-21 20:27 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Dropbox

2016-08-18 00:17 - 2015-03-17 23:00 - 00000400 __RSH C:\ProgramData\ntuser.pol

2016-08-17 22:28 - 2016-07-03 22:24 - 00017728 _____ C:\WINDOWS\diagwrn.xml

2016-08-17 22:28 - 2016-07-03 22:24 - 00016767 _____ C:\WINDOWS\diagerr.xml

2016-08-16 19:59 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template

2016-08-16 19:37 - 2016-07-04 08:02 - 00000000 ____D C:\Users\Paul

2016-08-16 13:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

2016-08-16 13:56 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy

2016-08-16 12:36 - 2016-07-04 08:02 - 01009800 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-08-16 12:36 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF

2016-08-15 05:06 - 2015-03-28 16:52 - 00000000 ____D C:\Users\Paul\AppData\Roaming\vlc

2016-08-14 18:48 - 2015-08-21 17:09 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel

2016-08-14 15:50 - 2015-03-13 11:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2016-08-14 06:57 - 2016-01-12 16:06 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-08-14 06:57 - 2015-03-19 17:56 - 00000000 ____D C:\ProgramData\Skype

2016-08-13 22:08 - 2015-05-16 07:48 - 00000000 ____D C:\Users\Paul\AppData\Local\Pushbullet

2016-08-13 22:05 - 2015-05-14 18:36 - 00000000 ____D C:\Users\Paul\AppData\Local\HTC MediaHub

2016-08-13 22:05 - 2015-04-01 12:30 - 00000340 _____ C:\WINDOWS\Tasks\Shareaza.Reduced Bandwidth.Logon.job

2016-08-13 22:03 - 2016-04-27 06:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-08-13 22:03 - 2015-07-28 10:46 - 3999649792 ___SH C:\dumpfile.sys

2016-08-13 22:00 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-08-13 22:00 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2016-08-13 22:00 - 2015-03-14 18:41 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin

2016-08-13 11:34 - 2015-03-14 16:56 - 00000000 ____D C:\Users\Paul\AppData\Local\Downloaded Installations

2016-08-13 11:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache

2016-08-11 14:25 - 2016-04-27 06:42 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-08-11 14:20 - 2015-03-23 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-08-11 14:15 - 2016-04-27 06:22 - 00000000 ____D C:\Program Files\Windows Journal

2016-08-11 14:15 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2016-08-11 14:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB

2016-08-11 14:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\en-GB

2016-08-11 14:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-08-11 00:11 - 2015-03-14 16:28 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Raptr

2016-08-10 17:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2016-08-10 17:19 - 2015-03-13 16:55 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-08-10 17:01 - 2015-03-13 16:55 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-08-10 09:44 - 2015-03-18 09:56 - 00000000 ____D C:\Users\Paul\AppData\Local\ElevatedDiagnostics

2016-08-08 22:24 - 2015-03-18 17:29 - 00000000 ____D C:\Users\Paul\.VirtualBox

2016-08-06 09:54 - 2016-07-06 12:34 - 00000000 ____D C:\Users\Paul\AppData\LocalLow\Temp

2016-08-05 11:23 - 2016-07-04 07:58 - 00000000 ____D C:\Program Files\AMD

2016-08-03 16:10 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help

2016-08-03 16:10 - 2015-05-24 22:33 - 00000000 ____D C:\WINDOWS\Downloaded Installations

2016-08-03 09:40 - 2015-07-09 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

2016-08-01 17:07 - 2015-03-19 10:02 - 00003266 _____ C:\WINDOWS\Sandboxie.ini

2016-08-01 14:48 - 2016-07-09 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

2016-08-01 14:47 - 2015-03-19 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Browsers

2016-08-01 14:46 - 2015-03-22 10:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia

2016-08-01 14:46 - 2015-03-19 17:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Printing

2016-08-01 14:45 - 2015-03-19 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Viewers

2016-08-01 14:44 - 2015-03-20 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Transfer

2016-08-01 14:41 - 2015-04-02 18:47 - 00000000 ____D C:\Users\Paul\AppData\Roaming\12Pay

2016-08-01 14:39 - 2015-03-19 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Development

2016-08-01 14:38 - 2016-07-06 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds

2016-08-01 14:37 - 2015-03-22 10:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDs & DVDs

2016-08-01 14:37 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2016-08-01 13:03 - 2015-08-27 16:24 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2016-08-01 12:52 - 2015-08-27 14:56 - 00000000 ____D C:\Program Files (x86)\MDF to ISO

2016-08-01 00:00 - 2015-10-30 08:24 - 00000000 ____D C:\PerfLogs

2016-07-29 01:45 - 2016-02-03 02:12 - 00003654 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000Core

2016-07-29 01:45 - 2015-07-25 07:19 - 00004030 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842475166-3683424370-3109751953-1000UA

2016-07-28 22:40 - 2016-02-03 12:28 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2016-07-28 22:40 - 2016-02-03 12:27 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2016-07-27 23:19 - 2016-07-04 07:59 - 00000000 ____D C:\WINDOWS\SysWOW64\sda

2016-07-26 22:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2016-07-26 10:54 - 2015-03-19 08:27 - 00000000 ____D C:\ProgramData\Oracle

2016-07-26 09:45 - 2016-07-04 18:55 - 00000000 ____D C:\Program Files (x86)\Java

2016-07-26 09:44 - 2016-07-04 18:36 - 00000000 ____D C:\Program Files\Java

2016-07-26 09:43 - 2016-07-04 18:55 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2016-07-26 09:43 - 2016-07-04 18:37 - 00000000 ____D C:\Users\Paul\.oracle_jre_usage

2016-07-26 09:43 - 2016-07-04 18:36 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

2016-07-25 20:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-07-22 05:51 - 2015-12-08 04:00 - 00130688 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys

2016-07-22 05:51 - 2015-11-10 21:41 - 00164992 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys

 

==================== Files in the root of some directories =======

 

2016-07-09 13:12 - 2016-07-09 13:13 - 0045756 __RSH () C:\Program Files (x86)\DLS8Uninstall.log

2015-04-10 08:18 - 2015-04-10 08:18 - 0000046 _____ () C:\Users\Paul\AppData\Roaming\Camdata.ini

2015-04-10 08:18 - 2015-04-10 08:18 - 0000408 _____ () C:\Users\Paul\AppData\Roaming\CamLayout.ini

2015-04-10 08:18 - 2015-04-10 08:18 - 0000408 _____ () C:\Users\Paul\AppData\Roaming\CamShapes.ini

2015-04-10 08:18 - 2015-04-10 08:18 - 0004518 _____ () C:\Users\Paul\AppData\Roaming\CamStudio.cfg

2016-06-29 12:16 - 2016-06-29 13:54 - 0000139 _____ () C:\Users\Paul\AppData\Roaming\NWNToolPrefs.txt

2015-03-13 18:46 - 2016-06-30 08:38 - 0004702 _____ () C:\Users\Paul\AppData\Roaming\prio.ini

2015-08-24 16:55 - 2015-08-24 18:31 - 14548992 _____ () C:\Users\Paul\AppData\Roaming\Sandra.mdb

2015-10-13 22:46 - 2015-10-13 22:48 - 0006144 _____ () C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-06-03 20:20 - 2016-06-03 20:20 - 0000036 _____ () C:\Users\Paul\AppData\Local\housecall.guid.cache

2015-07-17 17:45 - 2016-04-21 00:26 - 0000600 _____ () C:\Users\Paul\AppData\Local\PUTTY.RND

2016-07-26 15:52 - 2016-07-26 15:52 - 0000218 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel

2015-11-10 22:32 - 2015-11-10 22:32 - 0007601 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg

2016-06-03 22:11 - 2016-06-03 22:11 - 0000010 _____ () C:\Users\Paul\AppData\Local\sponge.last.runtime.cache

2016-07-04 15:08 - 2016-07-04 15:08 - 0019535 _____ () C:\ProgramData\empty.ico

2015-03-19 09:37 - 2016-06-22 18:28 - 0028173 _____ () C:\ProgramData\lmab.log

 

Some files in TEMP:

====================

C:\Users\Paul\AppData\Local\Temp\i4jdel0.exe

C:\Users\Paul\AppData\Local\Temp\libeay32.dll

C:\Users\Paul\AppData\Local\Temp\msvcr120.dll

C:\Users\Paul\AppData\Local\Temp\playstv_patch.exe

C:\Users\Paul\AppData\Local\Temp\pushbullet_watchdog.exe

C:\Users\Paul\AppData\Local\Temp\raptrpatch.exe

C:\Users\Paul\AppData\Local\Temp\raptr_stub.exe

C:\Users\Paul\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Paul\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-08-20 07:10

 

==================== End of FRST.txt ============================

 




#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:32 PM

Posted 21 August 2016 - 09:08 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR Extension: (Flash Video Downloader) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-08-17]
CHR Extension: (Browse Queue) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjemfcjhjmbbamfdoimecdchmmmofhb [2016-06-19]
CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 dcdbas; \SystemRoot\System32\drivers\dcdbas64.sys [X]
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjemfcjhjmbbamfdoimecdchmmmofhb
CustomCLSID: HKU\S-1-5-21-842475166-3683424370-3109751953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
Task: {0793DDB3-50B7-4D70-92AC-6D1E41038FD3} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {0B7EBBCD-3DC0-4102-B640-532D6656F798} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {265346B7-0B08-4C48-8D81-34FE02B05EC8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {284F015F-1A9E-4FB0-BB84-86F99AB919D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3974CD9B-616D-46D2-AF97-EBCDADE98F3D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4C261A89-E9B2-489E-9693-A62958F016F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4E30B532-1737-45B1-9DEA-A8DF58F357FB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {752DCCF4-1195-44A6-A98B-0FC6259DB62A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {760A7686-5607-41EB-AB73-498BBC77BADC} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {B6A562FE-1105-4C6B-8627-76A6295FAEA3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7FA5557-6580-405D-B7DF-5E9F08D5F695} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D1BA2761-3D1C-44FA-925C-54E4642B6DF3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D5467E6E-B449-47B1-A56F-36B83EF88D68} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DAEDDCE4-6927-480B-BF54-6D01CA4BAA81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E2CA90C6-4929-445E-BD9C-4BE3679E59FD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F81F67D0-E161-4439-B04F-5AFBF84BE1FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C7A9BA7F [272]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the file and let me know if the problem persists.

#15 Protopia

Protopia
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:32 AM

Posted 21 August 2016 - 01:02 PM

I did that and rebooted and got 6 or so ESET warnings about this - so it's not cured yet.

 

Do you want another FRST scan?





