System trying to connect to multiple IP on port 8888


  • This topic is locked
5 replies to this topic

#1 gpontis

Posted 09 July 2016 - 11:22 AM

Windows 7, x64.

EMET 5.5

No AV

firewall: separate computer running OpenBSD with PF

 

I noticed a rapid succession of packets going out on the internet to suspicious IPs, all aimed at port 8888. Here is one burst that I got from tcpdump:

 

07:48:14.878761 192.168.1.111.1286 > host.my-tss.com.8888: S 3476452961:3476452961(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.878879 192.168.1.111.1287 > 208.167.254.98.8888: S 4017075576:4017075576(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879002 192.168.1.111.1288 > 108.61.228.99.8888: S 1349937316:1349937316(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879124 192.168.1.111.1289 > 162.216.46.34.8888: S 4018100496:4018100496(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879245 192.168.1.111.1290 > 104.156.240.156.8888: S 3494645583:3494645583(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879366 192.168.1.111.1291 > 104.200.154.96.8888: S 360574494:360574494(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879368 192.168.1.111.1292 > 104.200.151.11.8888: S 3536689075:3536689075(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879489 192.168.1.111.1293 > 104.156.228.165.8888: S 1862038447:1862038447(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879613 192.168.1.111.1294 > d15f3280.setaptr.net.8888: S 4091261163:4091261163(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879735 192.168.1.111.1295 > 104.238.169.23.8888: S 3335169738:3335169738(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879857 192.168.1.111.1296 > 92b91cfc.rdns.100tb.com.8888: S 1871084788:1871084788(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879860 192.168.1.111.1297 > 172.98.67.127.8888: S 893589533:893589533(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879979 192.168.1.111.1298 > 173.199.65.24.choopa.net.8888: S 3916149417:3916149417(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880102 192.168.1.111.1299 > 2f.06.01a8.ip4.static.sl-reverse.com.8888: S 2710558423:2710558423(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880222 192.168.1.111.1300 > 9.4b.01a8.ip4.static.sl-reverse.com.8888: S 1106162657:1106162657(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880345 192.168.1.111.1301 > 107.150.94.6.8888: S 3137397753:3137397753(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880348 192.168.1.111.1302 > tsn109-201-152-227.dyn.nltelcom.net.8888: S 3882590632:3882590632(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880476 192.168.1.111.1303 > 185.3.135.146.8888: S 2622796143:2622796143(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880586 192.168.1.111.1304 > 192.40.88.71.8888: S 2051452973:2051452973(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880708 192.168.1.111.1305 > 192.40.89.19.8888: S 2202609241:2202609241(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880711 192.168.1.111.1306 > 192.40.95.10.8888: S 2747790111:2747790111(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880830 192.168.1.111.1307 > 179.43.178.66.8888: S 3682643731:3682643731(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880952 192.168.1.111.1308 > 108.61.122.152.choopa.net.8888: S 2823140411:2823140411(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880955 192.168.1.111.1309 > hosted-by.leaseweb.com.8888: S 3901600789:3901600789(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881074 192.168.1.111.1310 > 185.108.128.9.8888: S 3195045884:3195045884(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881214 192.168.1.111.1311 > e2.85.7a9f.ip4.static.sl-reverse.com.8888: S 2037801718:2037801718(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881318 192.168.1.111.1312 > D.C.B.A-nia.romaninternet.com.8888: S 1801130459:1801130459(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881321 192.168.1.111.1313 > vpn.8888: S 4041098794:4041098794(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881440 192.168.1.111.1314 > 84.f9.5177.ip4.static.sl-reverse.com.8888: S 97354762:97354762(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881562 192.168.1.111.1315 > 58.7c.5177.ip4.static.sl-reverse.com.8888: S 2189574550:2189574550(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881685 192.168.1.111.1316 > 93.48.caa1.ip4.static.sl-reverse.com.8888: S 1982592617:1982592617(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881688 192.168.1.111.1317 > 31-168-172-142.telavivwifi.com.8888: S 738721504:738721504(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881801 192.168.1.111.1318 > d8.00.39a9.ip4.static.sl-reverse.com.8888: S 2051320951:2051320951(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881932 192.168.1.111.1319 > 105.145.154.177.static.sp2.alog.com.br.8888: S 4022182732:4022182732(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881935 192.168.1.111.1320 > server9.hosted-by-100tb.com.8888: S 1839012297:1839012297(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877356 192.168.1.111.1291 > 104.200.154.96.8888: S 360574494:360574494(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877359 192.168.1.111.1308 > 108.61.122.152.choopa.net.8888: S 2823140411:2823140411(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877361 192.168.1.111.1312 > D.C.B.A-nia.romaninternet.com.8888: S 1801130459:1801130459(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877363 192.168.1.111.1314 > 84.f9.5177.ip4.static.sl-reverse.com.8888: S 97354762:97354762(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877365 192.168.1.111.1299 > 2f.06.01a8.ip4.static.sl-reverse.com.8888: S 2710558423:2710558423(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878313 192.168.1.111.1294 > d15f3280.setaptr.net.8888: S 4091261163:4091261163(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878316 192.168.1.111.1310 > 185.108.128.9.8888: S 3195045884:3195045884(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878318 192.168.1.111.1301 > 107.150.94.6.8888: S 3137397753:3137397753(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878320 192.168.1.111.1311 > e2.85.7a9f.ip4.static.sl-reverse.com.8888: S 2037801718:2037801718(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878439 192.168.1.111.1288 > 108.61.228.99.8888: S 1349937316:1349937316(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878442 192.168.1.111.1318 > d8.00.39a9.ip4.static.sl-reverse.com.8888: S 2051320951:2051320951(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878444 192.168.1.111.1307 > 179.43.178.66.8888: S 3682643731:3682643731(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878445 192.168.1.111.1292 > 104.200.151.11.8888: S 3536689075:3536689075(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878447 192.168.1.111.1315 > 58.7c.5177.ip4.static.sl-reverse.com.8888: S 2189574550:2189574550(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878449 192.168.1.111.1313 > vpn.8888: S 4041098794:4041098794(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878451 192.168.1.111.1287 > 208.167.254.98.8888: S 4017075576:4017075576(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878453 192.168.1.111.1296 > 92b91cfc.rdns.100tb.com.8888: S 1871084788:1871084788(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878454 192.168.1.111.1289 > 162.216.46.34.8888: S 4018100496:4018100496(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878456 192.168.1.111.1302 > tsn109-201-152-227.dyn.nltelcom.net.8888: S 3882590632:3882590632(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878458 192.168.1.111.1306 > 192.40.95.10.8888: S 2747790111:2747790111(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878460 192.168.1.111.1305 > 192.40.89.19.8888: S 2202609241:2202609241(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878462 192.168.1.111.1309 > hosted-by.leaseweb.com.8888: S 3901600789:3901600789(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878463 192.168.1.111.1286 > host.my-tss.com.8888: S 3476452961:3476452961(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878465 192.168.1.111.1317 > 31-168-172-142.telavivwifi.com.8888: S 738721504:738721504(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879340 192.168.1.111.1298 > 173.199.65.24.choopa.net.8888: S 3916149417:3916149417(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879342 192.168.1.111.1297 > 172.98.67.127.8888: S 893589533:893589533(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879344 192.168.1.111.1293 > 104.156.228.165.8888: S 1862038447:1862038447(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879346 192.168.1.111.1295 > 104.238.169.23.8888: S 3335169738:3335169738(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879459 192.168.1.111.1304 > 192.40.88.71.8888: S 2051452973:2051452973(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879461 192.168.1.111.1320 > server9.hosted-by-100tb.com.8888: S 1839012297:1839012297(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879463 192.168.1.111.1290 > 104.156.240.156.8888: S 3494645583:3494645583(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879465 192.168.1.111.1303 > 185.3.135.146.8888: S 2622796143:2622796143(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879467 192.168.1.111.1316 > 93.48.caa1.ip4.static.sl-reverse.com.8888: S 1982592617:1982592617(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879469 192.168.1.111.1300 > 9.4b.01a8.ip4.static.sl-reverse.com.8888: S 1106162657:1106162657(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879471 192.168.1.111.1319 > 105.145.154.177.static.sp2.alog.com.br.8888: S 4022182732:4022182732(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:23.878689 192.168.1.111.1294 > d15f3280.setaptr.net.8888: S 4091261163:4091261163(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878692 192.168.1.111.1310 > 185.108.128.9.8888: S 3195045884:3195045884(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878694 192.168.1.111.1301 > 107.150.94.6.8888: S 3137397753:3137397753(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878696 192.168.1.111.1307 > 179.43.178.66.8888: S 3682643731:3682643731(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878698 192.168.1.111.1311 > e2.85.7a9f.ip4.static.sl-reverse.com.8888: S 2037801718:2037801718(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878808 192.168.1.111.1315 > 58.7c.5177.ip4.static.sl-reverse.com.8888: S 2189574550:2189574550(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878811 192.168.1.111.1288 > 108.61.228.99.8888: S 1349937316:1349937316(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878813 192.168.1.111.1292 > 104.200.151.11.8888: S 3536689075:3536689075(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878815 192.168.1.111.1287 > 208.167.254.98.8888: S 4017075576:4017075576(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878817 192.168.1.111.1289 > 162.216.46.34.8888: S 4018100496:4018100496(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878819 192.168.1.111.1313 > vpn.8888: S 4041098794:4041098794(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878820 192.168.1.111.1318 > d8.00.39a9.ip4.static.sl-reverse.com.8888: S 2051320951:2051320951(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878822 192.168.1.111.1306 > 192.40.95.10.8888: S 2747790111:2747790111(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878824 192.168.1.111.1296 > 92b91cfc.rdns.100tb.com.8888: S 1871084788:1871084788(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878826 192.168.1.111.1309 > hosted-by.leaseweb.com.8888: S 3901600789:3901600789(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878828 192.168.1.111.1302 > tsn109-201-152-227.dyn.nltelcom.net.8888: S 3882590632:3882590632(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878829 192.168.1.111.1305 > 192.40.89.19.8888: S 2202609241:2202609241(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878831 192.168.1.111.1286 > host.my-tss.com.8888: S 3476452961:3476452961(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878833 192.168.1.111.1317 > 31-168-172-142.telavivwifi.com.8888: S 738721504:738721504(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879708 192.168.1.111.1298 > 173.199.65.24.choopa.net.8888: S 3916149417:3916149417(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879711 192.168.1.111.1297 > 172.98.67.127.8888: S 893589533:893589533(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879713 192.168.1.111.1293 > 104.156.228.165.8888: S 1862038447:1862038447(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879715 192.168.1.111.1295 > 104.238.169.23.8888: S 3335169738:3335169738(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879828 192.168.1.111.1304 > 192.40.88.71.8888: S 2051452973:2051452973(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879831 192.168.1.111.1320 > server9.hosted-by-100tb.com.8888: S 1839012297:1839012297(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879833 192.168.1.111.1290 > 104.156.240.156.8888: S 3494645583:3494645583(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879835 192.168.1.111.1303 > 185.3.135.146.8888: S 2622796143:2622796143(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879836 192.168.1.111.1316 > 93.48.caa1.ip4.static.sl-reverse.com.8888: S 1982592617:1982592617(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879838 192.168.1.111.1300 > 9.4b.01a8.ip4.static.sl-reverse.com.8888: S 1106162657:1106162657(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879840 192.168.1.111.1319 > 105.145.154.177.static.sp2.alog.com.br.8888: S 4022182732:4022182732(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881700 192.168.1.111.1291 > 104.200.154.96.8888: S 360574494:360574494(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881703 192.168.1.111.1308 > 108.61.122.152.choopa.net.8888: S 2823140411:2823140411(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881705 192.168.1.111.1312 > D.C.B.A-nia.romaninternet.com.8888: S 1801130459:1801130459(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881707 192.168.1.111.1314 > 84.f9.5177.ip4.static.sl-reverse.com.8888: S 97354762:97354762(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881709 192.168.1.111.1299 > 2f.06.01a8.ip4.static.sl-reverse.com.8888: S 2710558423:2710558423(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)

 

I looked up some of the IPs and found at least some of them in geographically diverse locations such as Turkey and Tel Aviv and Canada. An ASCII dump is not informative:

 

08:37:54.214882 192.168.1.111.47598 > 31-168-172-145.telavivwifi.com.8888: S 2178659013:2178659013(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
  0000: 4500 0030 3d5e 4000 4006 6f19 c0a8 016f  E..0=^@.@.o....o
  0010: 1fa8 ac91 b9ee 22b8 81db b2c5 0000 0000  ......".........
  0020: 7002 2000 c386 0000 0204 05b4 0101 0402  p. .............

08:37:54.214884 192.168.1.111.47587 > 192.40.95.10.8888: S 817663874:817663874(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
  0000: 4500 0030 3d5f 4000 4006 1c1f c0a8 016f  E..0=_@.@......o
  0010: c028 5f0a b9e3 22b8 30bc 8f82 0000 0000  .(_...".0.......
  0020: 7002 2000 e4fa 0000 0204 05b4 0101 0402  p. .............

08:37:54.214886 192.168.1.111.47579 > 173.199.65.30.choopa.net.8888: S 2190447833:2190447833(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
  0000: 4500 0030 3d60 4000 4006 4c6b c0a8 016f  E..0=`@.@.Lk...o
  0010: adc7 411e b9db 22b8 828f 94d9 0000 0000  ..A...".........
  0020: 7002 2000 be25 0000 0204 05b4 0101 0402  p. ..%..........

 

Ran the free Kaspersky Virus scan tool and it comes up clean. Also ran the Malwarebytes scanner and it did not get any hits.

 

I tried turning on the Win7 firewall and blocking these packets, and asking for notification. It does block the packets but there is no notification. Currently I have them blocked at the network firewall but not blocked at the local PC.

 

FRST log follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016
Ran by GPontis (administrator) on EL_NEGRO (09-07-2016 08:44:32)
Running from C:\Users\GPontis\Downloads
Loaded Profiles: GPontis (Available Profiles: GPontis)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Flexera Software, Inc.) C:\Cadence\LicenseManager\lmgrd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files\pia_manager\pia_manager.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\GPontis\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Flexera Software, Inc.) C:\Cadence\LicenseManager\lmgrd.exe
() C:\Cadence\LicenseManager\cdslmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(hxxp://www.ruby-lang.org/) C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(VanDyke Software, Inc.) C:\Program Files\VanDyke Software\Clients\SecureCRT.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\Run: [Amazon Music] => C:\Users\GPontis\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-14] ()
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\RunOnce: [Uninstall C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\RunOnce: [Uninstall C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-587778828-1590401162-796269308-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-07-09]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{635AB71F-89B2-4475-B3C8-A7BEF4C05B0F}: [DhcpNameServer] 192.168.144.5 192.168.144.6
Tcpip\..\Interfaces\{74F2E3F1-C0F4-46B6-B0AA-7F2D0B518F99}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B735400A-C888-4803-B88C-41F55B3EFC1A}: [DhcpNameServer] 192.168.0.7 192.168.0.10
Tcpip\..\Interfaces\{EB86D60F-2C2D-4D1B-83EE-AE60B5DA31BB}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKU\S-1-5-21-587778828-1590401162-796269308-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/search?q=google&sourceid=ie7&rls=com.microsoft:en-US:IE-Address&ie=&oe=&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-587778828-1590401162-796269308-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-06-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-18] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-587778828-1590401162-796269308-1000: @citrixonline.com/appdetectorplugin -> C:\Users\GPontis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-17] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-05-16]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\GPontis\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-06-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1814352 2011-08-30] (Flexera Software, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-23] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [423536 2011-08-19] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [77912 2015-09-23] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [81368 2015-09-23] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [322560 2015-09-23] (SafeNet Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-08-28] (Acronis International GmbH)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-23] (SafeNet Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31728 2015-11-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PixeLINKUsbcamX64; C:\Windows\System32\DRIVERS\pxlusb64.sys [55680 2013-04-10] (PixeLINK Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-08-28] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-08-28] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-01] (Acronis International GmbH)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33472 2016-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-12-05] (Jungo)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-12-05] (Xilinx, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-09 08:44 - 2016-07-09 08:44 - 00025182 _____ C:\Users\GPontis\Downloads\FRST.txt
2016-07-09 08:44 - 2016-07-09 08:44 - 00000000 ____D C:\FRST
2016-07-09 08:42 - 2016-07-09 08:42 - 02390016 _____ (Farbar) C:\Users\GPontis\Downloads\FRST64.exe
2016-07-09 07:53 - 2016-07-09 07:53 - 00000000 ____D C:\Users\GPontis\AppData\Local\CEF
2016-07-09 07:52 - 2016-07-09 07:52 - 00001095 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-07-09 07:52 - 2016-07-09 07:52 - 00001055 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-07-08 07:00 - 2016-07-08 07:00 - 10103621 _____ C:\Users\GPontis\Downloads\Spectrum_19914_Jul_2016.PDF
2016-07-07 13:23 - 2016-07-07 13:23 - 00281705 _____ C:\Users\GPontis\Desktop\PV Site Map.PDF
2016-07-05 17:11 - 2016-07-05 17:11 - 00080403 _____ C:\Users\GPontis\Downloads\C_CL32A475KLULNNE.pdf
2016-07-05 16:21 - 2016-07-05 16:21 - 00223072 _____ C:\Users\GPontis\Downloads\C_CL10A475KA8NQNC.pdf
2016-07-01 15:05 - 2016-07-01 15:05 - 01928684 _____ C:\Users\GPontis\Downloads\fast_data_2.csv.gz
2016-06-29 11:03 - 2016-06-29 11:03 - 36416458 _____ C:\Users\GPontis\Downloads\KollerPics6-28-16-2016-06-29.zip
2016-06-25 12:25 - 2016-06-25 12:26 - 00331449 _____ C:\Users\GPontis\Downloads\UMK107AB7105KA-T_SS.pdf
2016-06-25 12:12 - 2016-06-25 12:12 - 00054530 _____ C:\Users\GPontis\Downloads\C_CL21B106KPQNFNE.pdf
2016-06-25 07:28 - 2016-06-25 07:28 - 00054530 _____ C:\Users\GPontis\Downloads\C_CL21B106KPQNNNE.pdf
2016-06-25 07:12 - 2016-06-25 07:12 - 00309834 _____ C:\Users\GPontis\Downloads\JMK107ABJ106MAHT_SS.pdf
2016-06-25 07:05 - 2016-06-25 07:05 - 00047747 _____ C:\Users\GPontis\Downloads\C_CL10X106MP8NRNC.pdf
2016-06-24 11:44 - 2016-05-16 16:22 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-06-24 11:44 - 2016-05-16 16:19 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-24 11:44 - 2016-05-16 16:19 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-06-24 11:44 - 2016-05-16 16:19 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-24 11:44 - 2016-05-16 16:19 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-24 11:44 - 2016-05-16 16:18 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-06-24 11:44 - 2016-05-16 16:18 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-06-24 11:44 - 2016-05-16 16:17 - 01732888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-06-24 11:44 - 2016-05-16 16:16 - 01314136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-06-24 11:44 - 2016-05-16 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-24 11:44 - 2016-05-16 14:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-06-24 11:44 - 2016-05-16 14:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-06-24 11:44 - 2016-05-16 14:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-06-24 11:44 - 2016-05-16 14:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-06-24 11:44 - 2016-05-16 14:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-24 11:44 - 2016-05-16 14:15 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-24 11:44 - 2016-05-16 14:15 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-24 11:44 - 2016-05-16 14:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-06-24 11:44 - 2016-05-16 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-24 11:44 - 2016-05-16 14:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-06-24 11:44 - 2016-05-16 14:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-06-24 11:44 - 2016-05-16 14:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-24 11:44 - 2016-05-13 15:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-06-24 11:44 - 2016-05-13 14:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-24 11:44 - 2016-05-13 14:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-24 11:44 - 2016-05-13 14:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-24 11:44 - 2016-05-13 14:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2015-11-19 10:40 - 2015-11-19 10:42 - 0038467 _____ () C:\Users\GPontis\AppData\Roaming\Comma Separated Values.ADR
2013-03-12 14:55 - 2016-07-02 07:54 - 0004556 _____ () C:\Users\GPontis\AppData\Roaming\LTspiceIV.ini
2013-05-08 20:51 - 2013-05-08 20:52 - 125814851 _____ () C:\Users\GPontis\AppData\Roaming\SecureFX.dmp
2013-01-14 22:40 - 2015-07-22 13:45 - 0007672 _____ () C:\Users\GPontis\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Public\SP6920102.exe

Some files in TEMP:
====================
C:\Users\GPontis\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\GPontis\AppData\Local\Temp\BCUpdate.exe
C:\Users\GPontis\AppData\Local\Temp\PATCH72n-ADIsimPE.exe
C:\Users\GPontis\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-07 20:04

==================== End of FRST.txt ============================

 



#2 gpontis

Posted 09 July 2016 - 12:03 PM

Windows 7 x64
EMET 5.5
No AV
External firewall, OpenBSD PF

Problem:

System has been observed trying to connect to many suspicious IPs, all using port 8888.

 

I found the source of the connection attempts to be rubyw.exe, Ruby Interpreter (GUI). Furthermore it is being started by PIA, even though PIA is not active. PIA tech explains the behavior here:

 

https://www.privateinternetaccess.com/forum/discussion/790/questions-regarding-the-backround-network-scans-of-rubyw-exe

 

So it is some unfortunate behavior from an inactive program, but not an infection of my PC. Sorry for the noise.

 

George

Here is a log from the firewall:

 
/root >> tcpdump -i em0 port 8888
tcpdump: listening on em0, link-type EN10MB
07:48:14.878761 192.168.1.111.1286 > host.my-tss.com.8888: S 3476452961:3476452961(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.878879 192.168.1.111.1287 > 208.167.254.98.8888: S 4017075576:4017075576(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879002 192.168.1.111.1288 > 108.61.228.99.8888: S 1349937316:1349937316(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879124 192.168.1.111.1289 > 162.216.46.34.8888: S 4018100496:4018100496(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879245 192.168.1.111.1290 > 104.156.240.156.8888: S 3494645583:3494645583(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879366 192.168.1.111.1291 > 104.200.154.96.8888: S 360574494:360574494(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879368 192.168.1.111.1292 > 104.200.151.11.8888: S 3536689075:3536689075(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879489 192.168.1.111.1293 > 104.156.228.165.8888: S 1862038447:1862038447(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879613 192.168.1.111.1294 > d15f3280.setaptr.net.8888: S 4091261163:4091261163(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879735 192.168.1.111.1295 > 104.238.169.23.8888: S 3335169738:3335169738(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879857 192.168.1.111.1296 > 92b91cfc.rdns.100tb.com.8888: S 1871084788:1871084788(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879860 192.168.1.111.1297 > 172.98.67.127.8888: S 893589533:893589533(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879979 192.168.1.111.1298 > 173.199.65.24.choopa.net.8888: S 3916149417:3916149417(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880102 192.168.1.111.1299 > 2f.06.01a8.ip4.static.sl-reverse.com.8888: S 2710558423:2710558423(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880222 192.168.1.111.1300 > 9.4b.01a8.ip4.static.sl-reverse.com.8888: S 1106162657:1106162657(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880345 192.168.1.111.1301 > 107.150.94.6.8888: S 3137397753:3137397753(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880348 192.168.1.111.1302 > tsn109-201-152-227.dyn.nltelcom.net.8888: S 3882590632:3882590632(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880476 192.168.1.111.1303 > 185.3.135.146.8888: S 2622796143:2622796143(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880586 192.168.1.111.1304 > 192.40.88.71.8888: S 2051452973:2051452973(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880708 192.168.1.111.1305 > 192.40.89.19.8888: S 2202609241:2202609241(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880711 192.168.1.111.1306 > 192.40.95.10.8888: S 2747790111:2747790111(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880830 192.168.1.111.1307 > 179.43.178.66.8888: S 3682643731:3682643731(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880952 192.168.1.111.1308 > 108.61.122.152.choopa.net.8888: S 2823140411:2823140411(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880955 192.168.1.111.1309 > hosted-by.leaseweb.com.8888: S 3901600789:3901600789(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881074 192.168.1.111.1310 > 185.108.128.9.8888: S 3195045884:3195045884(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881214 192.168.1.111.1311 > e2.85.7a9f.ip4.static.sl-reverse.com.8888: S 2037801718:2037801718(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881318 192.168.1.111.1312 > D.C.B.A-nia.romaninternet.com.8888: S 1801130459:1801130459(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881321 192.168.1.111.1313 > vpn.8888: S 4041098794:4041098794(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881440 192.168.1.111.1314 > 84.f9.5177.ip4.static.sl-reverse.com.8888: S 97354762:97354762(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881562 192.168.1.111.1315 > 58.7c.5177.ip4.static.sl-reverse.com.8888: S 2189574550:2189574550(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881685 192.168.1.111.1316 > 93.48.caa1.ip4.static.sl-reverse.com.8888: S 1982592617:1982592617(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881688 192.168.1.111.1317 > 31-168-172-142.telavivwifi.com.8888: S 738721504:738721504(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881801 192.168.1.111.1318 > d8.00.39a9.ip4.static.sl-reverse.com.8888: S 2051320951:2051320951(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881932 192.168.1.111.1319 > 105.145.154.177.static.sp2.alog.com.br.8888: S 4022182732:4022182732(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881935 192.168.1.111.1320 > server9.hosted-by-100tb.com.8888: S 1839012297:1839012297(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877356 192.168.1.111.1291 > 104.200.154.96.8888: S 360574494:360574494(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877359 192.168.1.111.1308 > 108.61.122.152.choopa.net.8888: S 2823140411:2823140411(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877361 192.168.1.111.1312 > D.C.B.A-nia.romaninternet.com.8888: S 1801130459:1801130459(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877363 192.168.1.111.1314 > 84.f9.5177.ip4.static.sl-reverse.com.8888: S 97354762:97354762(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877365 192.168.1.111.1299 > 2f.06.01a8.ip4.static.sl-reverse.com.8888: S 2710558423:2710558423(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878313 192.168.1.111.1294 > d15f3280.setaptr.net.8888: S 4091261163:4091261163(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878316 192.168.1.111.1310 > 185.108.128.9.8888: S 3195045884:3195045884(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878318 192.168.1.111.1301 > 107.150.94.6.8888: S 3137397753:3137397753(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878320 192.168.1.111.1311 > e2.85.7a9f.ip4.static.sl-reverse.com.8888: S 2037801718:2037801718(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878439 192.168.1.111.1288 > 108.61.228.99.8888: S 1349937316:1349937316(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878442 192.168.1.111.1318 > d8.00.39a9.ip4.static.sl-reverse.com.8888: S 2051320951:2051320951(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)

I can turn on the Windows 7 firewall and set it to block outgoing packets to port 8888 and provide notification. The packets are blocked but there is no notification. Currently running with Win 7 firewall turned off but OpenBSD firewall blocking any TCP connections to port 8888. Kaspersky free AV scan and Malwarebytes scan do not find any programs or processes of interest. Kaspersky recommends some changes to browser settings regarding cache, etc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016
Ran by GPontis (administrator) on EL_NEGRO (09-07-2016 08:44:32)
Running from C:\Users\GPontis\Downloads
Loaded Profiles: GPontis (Available Profiles: GPontis)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Flexera Software, Inc.) C:\Cadence\LicenseManager\lmgrd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files\pia_manager\pia_manager.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\GPontis\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Flexera Software, Inc.) C:\Cadence\LicenseManager\lmgrd.exe
() C:\Cadence\LicenseManager\cdslmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(hxxp://www.ruby-lang.org/) C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(VanDyke Software, Inc.) C:\Program Files\VanDyke Software\Clients\SecureCRT.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\Run: [Amazon Music] => C:\Users\GPontis\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-14] ()
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\RunOnce: [Uninstall C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\RunOnce: [Uninstall C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-587778828-1590401162-796269308-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-07-09]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{635AB71F-89B2-4475-B3C8-A7BEF4C05B0F}: [DhcpNameServer] 192.168.144.5 192.168.144.6
Tcpip\..\Interfaces\{74F2E3F1-C0F4-46B6-B0AA-7F2D0B518F99}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B735400A-C888-4803-B88C-41F55B3EFC1A}: [DhcpNameServer] 192.168.0.7 192.168.0.10
Tcpip\..\Interfaces\{EB86D60F-2C2D-4D1B-83EE-AE60B5DA31BB}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKU\S-1-5-21-587778828-1590401162-796269308-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/search?q=google&sourceid=ie7&rls=com.microsoft:en-US:IE-Address&ie=&oe=&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-587778828-1590401162-796269308-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-06-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-18] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-587778828-1590401162-796269308-1000: @citrixonline.com/appdetectorplugin -> C:\Users\GPontis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-17] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-05-16]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\GPontis\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-06-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1814352 2011-08-30] (Flexera Software, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-23] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [423536 2011-08-19] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [77912 2015-09-23] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [81368 2015-09-23] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [322560 2015-09-23] (SafeNet Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-08-28] (Acronis International GmbH)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-23] (SafeNet Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31728 2015-11-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PixeLINKUsbcamX64; C:\Windows\System32\DRIVERS\pxlusb64.sys [55680 2013-04-10] (PixeLINK Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-08-28] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-08-28] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-01] (Acronis International GmbH)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33472 2016-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-12-05] (Jungo)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-12-05] (Xilinx, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-09 08:44 - 2016-07-09 08:44 - 00025182 _____ C:\Users\GPontis\Downloads\FRST.txt
2016-07-09 08:44 - 2016-07-09 08:44 - 00000000 ____D C:\FRST
2016-07-09 08:42 - 2016-07-09 08:42 - 02390016 _____ (Farbar) C:\Users\GPontis\Downloads\FRST64.exe
2016-07-09 07:53 - 2016-07-09 07:53 - 00000000 ____D C:\Users\GPontis\AppData\Local\CEF
2016-07-09 07:52 - 2016-07-09 07:52 - 00001095 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-07-09 07:52 - 2016-07-09 07:52 - 00001055 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-07-08 07:00 - 2016-07-08 07:00 - 10103621 _____ C:\Users\GPontis\Downloads\Spectrum_19914_Jul_2016.PDF
2016-07-07 13:23 - 2016-07-07 13:23 - 00281705 _____ C:\Users\GPontis\Desktop\PV Site Map.PDF
2016-07-05 17:11 - 2016-07-05 17:11 - 00080403 _____ C:\Users\GPontis\Downloads\C_CL32A475KLULNNE.pdf
2016-07-05 16:21 - 2016-07-05 16:21 - 00223072 _____ C:\Users\GPontis\Downloads\C_CL10A475KA8NQNC.pdf
2016-07-01 15:05 - 2016-07-01 15:05 - 01928684 _____ C:\Users\GPontis\Downloads\fast_data_2.csv.gz
2016-06-29 11:03 - 2016-06-29 11:03 - 36416458 _____ C:\Users\GPontis\Downloads\KollerPics6-28-16-2016-06-29.zip
2016-06-25 12:25 - 2016-06-25 12:26 - 00331449 _____ C:\Users\GPontis\Downloads\UMK107AB7105KA-T_SS.pdf
2016-06-25 12:12 - 2016-06-25 12:12 - 00054530 _____ C:\Users\GPontis\Downloads\C_CL21B106KPQNFNE.pdf
2016-06-25 07:28 - 2016-06-25 07:28 - 00054530 _____ C:\Users\GPontis\Downloads\C_CL21B106KPQNNNE.pdf
2016-06-25 07:12 - 2016-06-25 07:12 - 00309834 _____ C:\Users\GPontis\Downloads\JMK107ABJ106MAHT_SS.pdf
2016-06-25 07:05 - 2016-06-25 07:05 - 00047747 _____ C:\Users\GPontis\Downloads\C_CL10X106MP8NRNC.pdf
2016-06-24 11:44 - 2016-05-16 16:22 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-06-24 11:44 - 2016-05-16 16:19 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-24 11:44 - 2016-05-16 16:19 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-06-24 11:44 - 2016-05-16 16:19 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-24 11:44 - 2016-05-16 16:19 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-24 11:44 - 2016-05-16 16:18 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-06-24 11:44 - 2016-05-16 16:18 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-06-24 11:44 - 2016-05-16 16:17 - 01732888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-06-24 11:44 - 2016-05-16 16:16 - 01314136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-06-24 11:44 - 2016-05-16 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-24 11:44 - 2016-05-16 14:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-06-24 11:44 - 2016-05-16 14:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-06-24 11:44 - 2016-05-16 14:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-06-24 11:44 - 2016-05-16 14:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-06-24 11:44 - 2016-05-16 14:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-24 11:44 - 2016-05-16 14:15 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-24 11:44 - 2016-05-16 14:15 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-24 11:44 - 2016-05-16 14:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-06-24 11:44 - 2016-05-16 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-24 11:44 - 2016-05-16 14:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-06-24 11:44 - 2016-05-16 14:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-06-24 11:44 - 2016-05-16 14:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-24 11:44 - 2016-05-13 15:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-06-24 11:44 - 2016-05-13 14:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-24 11:44 - 2016-05-13 14:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-24 11:44 - 2016-05-13 14:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-24 11:44 - 2016-05-13 14:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-24 11:44 - 2016-05-13 14:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-24 11:44 - 2016-05-13 14:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-06-24 11:44 - 2016-05-13 14:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-06-24 11:44 - 2016-05-13 14:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-06-24 11:44 - 2016-05-13 14:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-06-24 11:44 - 2016-05-13 14:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-06-24 11:44 - 2016-05-13 14:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-06-24 11:44 - 2016-05-13 14:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-06-24 11:44 - 2016-05-12 10:14 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-06-24 11:44 - 2016-05-12 10:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-06-24 11:44 - 2016-05-12 08:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-06-24 11:44 - 2016-05-12 08:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-24 11:44 - 2016-05-12 08:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-06-24 11:44 - 2016-05-04 10:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-24 11:44 - 2016-05-04 10:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-24 11:44 - 2016-05-04 10:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-24 11:44 - 2016-05-04 10:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-24 11:44 - 2016-05-04 08:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-24 11:44 - 2016-05-04 07:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-23 16:00 - 2016-06-23 16:01 - 14540436 _____ C:\Users\GPontis\Downloads\eagle.zip
2016-06-22 09:19 - 2016-06-22 09:19 - 02697018 _____ C:\Users\GPontis\Desktop\E4400-90323.pdf
2016-06-20 09:04 - 2016-06-20 19:25 - 00000000 ____D C:\Users\GPontis\Desktop\Solar Installation
2016-06-20 08:32 - 2016-06-20 08:32 - 00277273 _____ C:\Users\GPontis\Desktop\solaredge-se3000a-us-u-inverter-specs-2669527910.pdf
2016-06-20 08:07 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-20 08:07 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-20 08:07 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-20 08:07 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-20 08:07 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-20 08:07 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-20 08:07 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-20 08:07 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-20 08:07 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-20 08:07 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-20 08:07 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-20 08:07 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-20 08:07 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-20 08:07 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-20 08:07 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-20 08:07 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-20 08:07 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-20 08:07 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-20 08:07 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-20 08:07 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-20 08:07 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-20 08:07 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-20 08:07 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-20 08:07 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-20 08:07 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-20 08:07 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-20 08:07 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-20 08:07 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-20 08:07 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-20 08:07 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-20 08:07 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-20 08:07 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-20 08:07 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-20 08:07 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-20 08:07 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-20 08:07 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-20 08:07 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-20 08:07 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-20 08:07 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-20 08:07 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-20 08:07 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-20 08:07 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-20 08:07 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-20 08:07 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-20 08:07 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-20 08:07 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-20 08:07 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-20 08:07 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-20 08:07 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-20 08:07 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-20 08:07 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-20 08:07 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-20 08:07 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-20 08:07 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-20 08:07 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-20 08:07 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-20 08:07 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-20 08:07 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-20 08:07 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-20 08:07 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-20 08:07 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-20 08:07 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-20 08:07 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-20 08:07 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-20 08:07 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-20 08:07 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-20 08:07 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-20 08:07 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-20 08:07 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-20 08:07 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-20 08:07 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-20 08:07 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-20 08:07 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-20 08:07 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-20 08:07 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-20 08:07 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-20 08:07 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-20 08:07 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-20 08:07 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-20 08:07 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-20 08:07 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-20 08:07 - 2016-05-12 08:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-20 08:07 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-20 08:07 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-20 08:07 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-20 08:07 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-20 08:07 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-20 08:07 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-20 08:07 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-20 08:07 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-20 08:07 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-20 08:07 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-20 08:07 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-20 08:07 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-20 08:07 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-20 08:07 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-20 08:07 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-20 08:07 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-20 08:07 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-20 08:07 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-20 08:07 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-20 08:07 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-18 14:47 - 2016-06-18 14:47 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2016-06-18 14:32 - 2016-06-18 14:32 - 03482312 _____ (Microsoft Corporation) C:\Users\GPontis\Downloads\Setup.x86.en-us_VisioProRetail_N9KYH-G2X7P-FDW8P-87FJV-7QW4W_TX_PR_act_1_.exe
2016-06-18 13:02 - 2016-06-18 13:02 - 00000000 ____D C:\Users\GPontis\AppData\Local\SolarEdge Technologies
2016-06-18 13:00 - 2016-06-18 13:00 - 21109733 _____ C:\Users\GPontis\Downloads\solaredge-site-designer.zip
2016-06-17 20:31 - 2016-06-18 14:33 - 00000110 _____ C:\Users\GPontis\Desktop\visio.txt
2016-06-17 20:29 - 2016-06-17 20:29 - 04880584 _____ (Microsoft Corporation) C:\Users\GPontis\Downloads\Setup.x64.en-us_VisioProRetail_N9KYH-G2X7P-FDW8P-87FJV-7QW4W_TX_PR_act_1_.exe
2016-06-17 11:22 - 2016-06-17 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2016-06-17 11:22 - 2016-06-17 11:22 - 00000000 ____D C:\Program Files\TortoiseSVN
2016-06-17 11:22 - 2016-06-17 11:22 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-06-14 13:01 - 2016-06-14 13:01 - 00000000 ____D C:\Users\GPontis\AppData\Local\DesignSoft
2016-06-14 12:48 - 2016-06-14 12:48 - 00000000 ____D C:\Users\Public\Documents\DesignSoft
2016-06-14 12:48 - 2016-06-14 12:48 - 00000000 ____D C:\Users\GPontis\Documents\DesignSoft
2016-06-14 12:48 - 2016-06-14 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tina 9
2016-06-14 12:48 - 2016-06-14 12:48 - 00000000 ____D C:\Program Files (x86)\DesignSoft
2016-06-14 12:03 - 2016-06-14 12:08 - 108577043 _____ C:\Users\GPontis\Downloads\Tina90-TIen.9.3.150.4.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-09 08:34 - 2014-07-17 13:06 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-587778828-1590401162-796269308-1000.job
2016-07-09 08:32 - 2015-04-06 08:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-09 08:31 - 2015-04-06 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-09 08:31 - 2015-04-06 08:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-09 08:16 - 2013-06-17 14:43 - 00000000 ____D C:\Users\GPontis\Documents\Outlook Files
2016-07-09 07:54 - 2009-07-13 21:45 - 00027168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-09 07:54 - 2009-07-13 21:45 - 00027168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-09 07:51 - 2014-08-14 07:07 - 00000000 ____D C:\Users\GPontis\AppData\Local\Adobe
2016-07-09 07:47 - 2013-07-06 12:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-09 07:47 - 2009-07-13 22:13 - 00792710 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-09 07:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-07-09 07:41 - 2016-02-26 19:34 - 00000000 ____D C:\Users\GPontis\AppData\Local\TSVNCache
2016-07-09 07:41 - 2015-09-17 14:55 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-09 07:41 - 2013-07-25 13:34 - 08405015 _____ C:\Windows\TmpFile1
2016-07-09 07:41 - 2013-01-15 14:53 - 00000000 ____D C:\ProgramData\VMware
2016-07-09 07:41 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-08 20:28 - 2013-06-18 10:45 - 00000000 ____D C:\Consult
2016-07-08 20:01 - 2015-05-19 19:56 - 00000000 ____D C:\Users\GPontis\Desktop\Network
2016-07-08 19:25 - 2015-05-30 18:59 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-587778828-1590401162-796269308-1000.job
2016-07-08 17:39 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-07-07 18:17 - 2013-05-28 08:53 - 00000000 ____D C:\ProgramData\TEMP
2016-07-07 07:06 - 2014-06-04 07:22 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389809592
2016-07-07 07:06 - 2013-02-05 09:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-03 14:09 - 2013-06-19 10:25 - 00000000 ____D C:\Users\GPontis\AppData\Roaming\vlc
2016-07-03 14:09 - 2013-02-05 09:27 - 00000000 ____D C:\Users\GPontis\Documents\Newsbin
2016-07-03 11:30 - 2013-06-20 10:05 - 00000000 ____D C:\Users\GPontis\AppData\Roaming\SpamSource
2016-07-03 11:30 - 2013-02-05 09:25 - 00000000 ____D C:\Users\GPontis\AppData\Local\Newsbin
2016-07-02 07:54 - 2013-03-12 14:55 - 00004556 _____ C:\Users\GPontis\AppData\Roaming\LTspiceIV.ini
2016-07-01 09:52 - 2015-05-30 18:59 - 00003700 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-587778828-1590401162-796269308-1000
2016-07-01 09:52 - 2014-07-17 13:06 - 00003604 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-587778828-1590401162-796269308-1000
2016-06-27 06:34 - 2013-03-08 16:56 - 26558464 _____ C:\Users\GPontis\Desktop\Business & Home.QDF
2016-06-27 06:06 - 2013-03-17 15:09 - 02923664 _____ C:\Users\GPontis\Desktop\Business & HomeOFXLOG.DAT
2016-06-25 08:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-06-24 16:14 - 2016-02-26 14:34 - 00000000 ____D C:\Users\GPontis\AppData\Roaming\TortoiseSVN
2016-06-23 16:42 - 2014-05-14 16:32 - 00000000 ___HD C:\__Previews
2016-06-21 14:35 - 2013-08-10 20:03 - 00000000 ____D C:\Users\GPontis\Documents\Electronics
2016-06-21 12:13 - 2010-11-20 20:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-20 08:23 - 2009-07-13 21:45 - 00439984 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-20 08:11 - 2013-07-11 07:45 - 00000000 ____D C:\Windows\system32\MRT
2016-06-20 08:08 - 2013-01-14 22:13 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-18 14:55 - 2015-10-27 20:24 - 00002162 _____ C:\Users\GPontis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-06-18 14:55 - 2015-10-27 20:24 - 00000000 ___RD C:\Users\GPontis\OneDrive
2016-06-18 14:55 - 2015-10-27 20:14 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-18 14:47 - 2013-02-17 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-18 14:15 - 2013-01-15 13:42 - 00000000 ____D C:\Users\GPontis\AppData\Local\Microsoft Help
2016-06-16 12:47 - 2013-07-06 12:42 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 12:47 - 2013-07-06 12:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-16 12:47 - 2013-07-06 12:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-14 12:48 - 2013-01-14 22:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-12 14:59 - 2013-04-09 19:44 - 00000000 ____D C:\Users\GPontis\Desktop\BACKUP

==================== Files in the root of some directories =======

2015-11-19 10:40 - 2015-11-19 10:42 - 0038467 _____ () C:\Users\GPontis\AppData\Roaming\Comma Separated Values.ADR
2013-03-12 14:55 - 2016-07-02 07:54 - 0004556 _____ () C:\Users\GPontis\AppData\Roaming\LTspiceIV.ini
2013-05-08 20:51 - 2013-05-08 20:52 - 125814851 _____ () C:\Users\GPontis\AppData\Roaming\SecureFX.dmp
2013-01-14 22:40 - 2015-07-22 13:45 - 0007672 _____ () C:\Users\GPontis\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Public\SP6920102.exe

Some files in TEMP:
====================
C:\Users\GPontis\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\GPontis\AppData\Local\Temp\BCUpdate.exe
C:\Users\GPontis\AppData\Local\Temp\PATCH72n-ADIsimPE.exe
C:\Users\GPontis\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-07 20:04

==================== End of FRST.txt ============================


Edited by gpontis, 09 July 2016 - 01:47 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:24 PM

Posted 10 July 2016 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [No File]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\GPontis\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\GPontis\AppData\Local\Temp\BCUpdate.exe
C:\Users\GPontis\AppData\Local\Temp\PATCH72n-ADIsimPE.exe
C:\Users\GPontis\AppData\Local\Temp\vlc-2.2.4-win32.exe
C:\Users\Public\SP6920102.exe
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and include the Addition.txt file that was created by the Farbar tool.

Please let me know if the problem persists with this computer.

p.s.
I have found the Addition.txt file in your duplicate post.
Wait before proceeding with this fix.

Edited by nasdaq, 10 July 2016 - 08:06 AM.


#4 nasdaq


Posted 10 July 2016 - 07:55 AM


The Addition.txt file copied from the duplicate post.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
Ran by GPontis (2016-07-09 08:44:45)
Running from C:\Users\GPontis\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-01-15 04:46:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-587778828-1590401162-796269308-500 - Administrator - Disabled)
GPontis (S-1-5-21-587778828-1590401162-796269308-1000 - Administrator - Enabled) => C:\Users\GPontis
Guest (S-1-5-21-587778828-1590401162-796269308-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-587778828-1590401162-796269308-1002 - Limited - Enabled)
___VMware_Conv_SA___ (S-1-5-21-587778828-1590401162-796269308-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2Tware Convert VHD version 1.0 (HKLM-x32\...\{035AAB33-A39C-4112-8A70-DA9C05622D4B}_is1) (Version: 1.0 - 2Tware Tech Development Co., Ltd.)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden
ADIsimPE (HKLM-x32\...\InstallShield_{FF7CB1E5-0A09-4F3F-AAAE-60992F074F82}) (Version: 7.20 - SIMetrix Technologies Ltd)
ADIsimPE (x32 Version: 7.20 - SIMetrix Technologies Ltd) Hidden
ADIsimPLL Ver 4.00 (HKLM-x32\...\ADIsimPLL 4.00_is1) (Version: 4.00 - Applied Radio Labs)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.16 - Adobe Systems)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
Altium Designer 15 (HKLM-x32\...\Altium Designer {2C781B1C-F373-4D80-8503-52BAFDFE95D2}) (Version: 15.1.15.50867 - Altium Limited)
Altium Designer 16 (HKLM-x32\...\Altium Designer {F663DC9E-3996-405D-A5B5-03BD5D75DC8A}) (Version: 16.0.9.368 - Altium Limited)
Amazon Music (HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Beyond Compare 4.1.3 (HKLM\...\BeyondCompare4_is1) (Version: 4.1.3.20814 - Scooter Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cadence Allegro Free Physical Viewers 16.6 (HKLM-x32\...\{2BB61CCF-BB29-42C1-A313-CF4CC2B924B2}) (Version: 16.6.0 - Cadence Design Systems)
Cadence License Manager 12.01 (HKLM-x32\...\{2A83C3BE-15D0-4AFD-8F23-FD7B6E5BBD97}) (Version: 12.01.0000 - Cadence Design Systems)
Cadence SPB/OrCAD 16.6 (HKLM-x32\...\{4CA5F148-A11D-4D37-A2D3-CCFC671F113C}) (Version: 16.60.031 - Cadence Design Systems, Inc.)
Canon MF Toolbox 4.9.1.1.mf13 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf13 - CANON INC.)
Canon MF8300C Series (HKLM\...\{DB3D2C81-EF11-4b1f-9B55-3959AEE09E55}) (Version: 3.9.0.0 - CANON INC.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Clock Design Tool 1.3.5 (HKLM-x32\...\Clock Design Tool_is1) (Version: - Texas Instruments)
Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)
Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.203 - Digilent, Inc.)
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Explorer Suite III (HKLM\...\Explorer Suite_is1) (Version: - )
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: - PolySoft Solutions)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
GoToMeeting 7.20.0.5174 (HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\GoToMeeting) (Version: 7.20.0.5174 - CitrixOnline)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Jot+ Notes 3.6.0 (HKLM-x32\...\JotNotes3_is1) (Version: 3.6.0 - King Stairs Software)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden
LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mentor Graphics Products (HKLM-x32\...\MentorGraphicsJI) (Version: 5.1-018 - Mentor Graphics Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.70 - DJI Interprises, LLC)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software)
Password Recovery Bundle 2012 (HKLM-x32\...\Password Recovery Bundle 2012) (Version: 3.0.0.2 - Daossoft)
PixeLINK Camera Kit 4.2 - Release 8.7.1 (HKLM-x32\...\PixeLINK Camera Kit 4.2_is1) (Version: - PixeLINK)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.6.5 - Intuit)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Saturn PCB Toolkit V6.88 (HKLM-x32\...\{90C1AA78-7BF5-487E-BE3B-0BF6553CFE83}) (Version: 6.88 - Saturn PCB Design, Inc.)
ScopeIIR 5.0 (HKLM-x32\...\{24EA9772-D7EF-48B1-B8DA-CBCE04981A1B}) (Version: 5.0 - Iowegian)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
SiliconBlue Tech iCEcable (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&84E4) (Version: - SiliconBlue Technologies Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.3 - Sophos Limited)
Source Insight 3.5 (HKLM-x32\...\Source Insight 3.5) (Version: - Source Dynamics, Inc.)
SpamSource (HKLM-x32\...\SpamSource) (Version: 5.0.0.120 - Daedalus Software, LLC)
SpamSource (Version: 5.0.0.120 - Daedalus Software, LLC) Hidden
SpO2 Assistant V2.4 (HKLM-x32\...\SpO2 Assistant_is1) (Version: - )
TeighaX 3.09 (HKLM-x32\...\{3D63579F-2398-418B-9227-A852FB201D2D}) (Version: 3.9.0 - Open Design Alliance)
Tina 9 - TI (HKLM-x32\...\{BAB9C867-6971-43ED-A201-F8269F796FBE}) (Version: 9.00.000 - DesignSoft)
TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Ultra Librarian (HKLM-x32\...\Product_Name) (Version: - )
VanDyke Software SecureCRT and SecureFX 7.0 (HKLM\...\{B550477D-EC35-44CC-A033-013A72CECC66}) (Version: 7.0.0 - VanDyke Software, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{537B7F85-2B95-44ED-8D90-765F6F36D666}) (Version: 12.1.1 - VMware, Inc.)
VMware vCenter Converter Standalone (HKLM-x32\...\{EDF0C1D5-D980-48F9-BA19-0ECEDEF8C5D4}) (Version: 5.0.0.470252 - VMware, Inc.)
Xilinx Design Tools ISE WebPACK 14.7 (C:\Xilinx\14.7\ISE_DS) (HKLM\...\Xilinx Design Tools ISE WebPACK 14.7) (Version: - Xilinx, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-587778828-1590401162-796269308-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-587778828-1590401162-796269308-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-587778828-1590401162-796269308-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\GPontis\AppData\Local\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012F11E6-2A8C-45C1-B7F4-B8EFA76AC399} - System32\Tasks\G2MUpdateTask-S-1-5-21-587778828-1590401162-796269308-1000 => C:\Users\GPontis\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {258CFEA5-EAB6-4CCC-861D-A21E7DDD1D0A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-18] (Microsoft Corporation)
Task: {2D315370-ED98-40EA-98AD-0896E034E029} - System32\Tasks\G2MUploadTask-S-1-5-21-587778828-1590401162-796269308-1000 => C:\Users\GPontis\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {313BB893-477A-4106-86A6-BAA53371D208} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {45B2D482-4A14-43DB-B6D5-C4B5AD1C4CEC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {512483EE-6FDF-4C37-AF36-191FF608FC9F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {5362579A-C690-4009-9A16-9502C689216F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5A40C521-6F10-460D-A242-17DD06A77530} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {99166DCF-1754-4A14-9923-85042C948B7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {B38CEB87-BFD7-410A-9BD3-78DEE08ECDB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {BA49CCB8-76DF-4EC2-9001-050445DB4A9E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {BC0CE0FE-422E-4FDA-9DCD-780AA1F893D7} - System32\Tasks\AdobeAAMUpdater-1.0-El_Negro-GPontis => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-29] (Adobe Systems Incorporated)
Task: {C79AB7D2-5D7B-4E4D-9C38-AEC3D9A06DAD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {CF9C3EA5-8867-442B-9671-07F5D81B4E43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-18] (Microsoft Corporation)
Task: {DF7D9143-3C25-4BD6-A6F5-16F9A281EA41} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-18] (Microsoft Corporation)
Task: {EA7F574D-66A8-4CA2-8146-07623A042A35} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {F3D03701-419C-40E2-89F9-8F8D80AC01A1} - System32\Tasks\Opera scheduled Autoupdate 1389809592 => C:\Program Files (x86)\Opera\launcher.exe [2016-07-01] (Opera Software)
Task: {FAA2FC2C-54A6-47F3-A86A-6E3B01DC3F5D} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-07-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-587778828-1590401162-796269308-1000.job => C:\Users\GPontis\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-587778828-1590401162-796269308-1000.job => C:\Users\GPontis\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-17 14:54 - 2015-11-05 08:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-24 16:07 - 2016-04-24 16:07 - 00094672 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-06-18 14:51 - 2016-06-18 14:51 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-08-01 10:35 - 2015-12-14 17:43 - 05890368 _____ () C:\Users\GPontis\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-07-25 13:29 - 2012-06-07 15:58 - 03028992 _____ () C:\Cadence\LicenseManager\cdslmd.exe
2015-07-17 14:57 - 2015-07-17 14:57 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2011-08-19 20:53 - 2011-08-19 20:53 - 00085616 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2011-08-19 20:52 - 2011-08-19 20:52 - 01234544 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2011-08-19 20:51 - 2011-08-19 20:51 - 00541808 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2016-04-14 17:17 - 2016-04-14 17:17 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2015-09-17 14:55 - 2015-08-26 17:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00037696 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 09:15 - 2015-07-20 09:15 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-07-20 09:10 - 2015-07-20 09:10 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2016-07-09 07:41 - 2016-07-09 07:41 - 00012800 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00009728 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00014848 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00094208 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\src\rgloader\rgloader193.mswin.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00009216 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00094208 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00126976 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00087552 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00016384 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00127316 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\bin\libffi-6.dll
2016-07-09 07:41 - 2016-07-09 07:41 - 00008704 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00013312 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00095744 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00026624 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00012800 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00009728 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00014848 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00094208 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\src\rgloader\rgloader193.mswin.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00094208 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00118784 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00069120 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00083968 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\bin\zlib1.dll
2016-07-09 07:41 - 2016-07-09 07:41 - 00026624 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00275968 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00015360 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00008192 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00009216 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00023552 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00008704 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00008704 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00008704 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00008704 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00036352 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00126976 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00087552 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00016384 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00127316 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\bin\libffi-6.dll
2016-07-09 07:41 - 2016-07-09 07:41 - 00013312 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00095744 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-07-09 07:41 - 2016-07-09 07:41 - 00026624 _____ () C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-07-17 14:57 - 2015-07-17 14:57 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-07-17 14:57 - 2015-07-17 14:57 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-07-07 07:06 - 2016-07-07 07:06 - 67945512 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\opera.dll
2016-07-07 07:06 - 2016-07-07 07:06 - 02203176 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\libglesv2.dll
2016-07-07 07:06 - 2016-07-07 07:06 - 00087080 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\libegl.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2016-06-18 14:47 - 2016-06-18 14:48 - 03540680 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\gfx.dll
2010-12-01 12:07 - 2010-12-01 12:07 - 00483328 _____ () C:\Program Files\SpamSource\adxloader.dll
2013-06-20 10:05 - 2013-06-20 10:05 - 00286720 _____ () C:\Users\GPontis\AppData\Local\assembly\dl3\4ZG71CVP.JDH\J6HG5O12.WQZ\1ecb2d46\0027718c_f57fc801\Interop.Outlook.DLL
2016-06-18 14:47 - 2016-06-18 14:48 - 01061576 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-06-18 14:51 - 2016-06-18 14:52 - 00519872 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\msfad.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0A26B6B7 [164]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-587778828-1590401162-796269308-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\GPontis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99F547D5-73BA-467F-8B3B-0D3E0255233D}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{47CAD427-FFEC-456B-8C05-F5D3F106502B}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{A1EA5F8F-DDFD-417B-8C13-77BB547FF109}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{FD9B42DD-857A-4334-99A7-67A56083F466}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{12E21EBD-B2A3-42B1-A705-BE69B87D6004}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [TCP Query User{2198D5AE-AEAB-4DB2-89B6-46CCE8B32D14}C:\program files (x86)\altium\ad13\dxp.exe] => (Block) C:\program files (x86)\altium\ad13\dxp.exe
FirewallRules: [UDP Query User{4FCB4311-8400-4466-9F34-01A7F295B2D2}C:\program files (x86)\altium\ad13\dxp.exe] => (Block) C:\program files (x86)\altium\ad13\dxp.exe
FirewallRules: [TCP Query User{41E7E522-2A50-468E-A442-4C82D04B7BE1}C:\xilinx\14.4\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe] => (Block) C:\xilinx\14.4\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe
FirewallRules: [UDP Query User{DD4D4085-CEE3-4E45-87BE-9AFC6900C380}C:\xilinx\14.4\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe] => (Block) C:\xilinx\14.4\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe
FirewallRules: [{CC0DC3F1-3771-4621-952B-E51F6C22C3DA}] => (Allow) C:\Cadence\LicenseManager\dailmd.exe
FirewallRules: [{B3EF7206-CF5D-4287-B26D-4F533071953D}] => (Allow) C:\Cadence\LicenseManager\altosda.exe
FirewallRules: [{326740F3-E16A-41CB-896E-ACBA301A7EB1}] => (Allow) C:\Cadence\LicenseManager\axislmd.exe
FirewallRules: [{2E11335C-F4B5-4C9B-89F1-18485CD3110F}] => (Allow) C:\Cadence\LicenseManager\cdslmd.exe
FirewallRules: [{BBF86C6E-7753-4B0F-9771-A1F9BBED96F0}] => (Allow) C:\Cadence\LicenseManager\ambitd.exe
FirewallRules: [{DFFE1B1F-7013-4A25-912D-01FB98DF1D2A}] => (Allow) C:\Cadence\LicenseManager\dsmtlmd.exe
FirewallRules: [{1293C878-518D-4913-ACFF-86134C6B5127}] => (Allow) C:\Cadence\LicenseManager\cadmosd.exe
FirewallRules: [{B3B8406A-EDC6-42E8-9EEC-EA6722E3B0D1}] => (Allow) C:\Cadence\LicenseManager\alta.exe
FirewallRules: [{1380A605-564F-4459-AEB1-4567CE0C6815}] => (Allow) C:\Cadence\LicenseManager\g2c_d.exe
FirewallRules: [{56177A88-DE13-43B6-AF7E-954C98D09D28}] => (Allow) C:\Cadence\LicenseManager\CKOUT.exe
FirewallRules: [{6B70C4B3-9AA2-4C74-9848-ED596EC7D020}] => (Allow) C:\Cadence\LicenseManager\hlds.exe
FirewallRules: [{FE32444F-0F23-4516-930D-B8581FED301D}] => (Allow) C:\Cadence\LicenseManager\installs.exe
FirewallRules: [{E706AE5D-72B2-4C4D-A44E-1D1552566BF9}] => (Allow) C:\Cadence\LicenseManager\LicenseClientConfiguration.exe
FirewallRules: [{6AC39053-C5C9-4180-ADD0-2EA786D1AD94}] => (Allow) C:\Cadence\LicenseManager\k2techld.exe
FirewallRules: [{86FA4870-2174-4127-8DF3-6A4224281264}] => (Allow) C:\Cadence\LicenseManager\LicenseServerConfiguration.exe
FirewallRules: [{230BA69F-AC46-45DE-80EE-1424CCFC8390}] => (Allow) C:\Cadence\LicenseManager\lmCheckExpiration.exe
FirewallRules: [{0612EDA9-34AC-44FB-8E0E-0A06FCEAD7F0}] => (Allow) C:\Cadence\LicenseManager\lmgrd.exe
FirewallRules: [{6A7EC965-671C-4554-AAC6-03D66A259B25}] => (Allow) C:\Cadence\LicenseManager\lmtools.exe
FirewallRules: [{177765FC-5BBE-4B71-AD47-FFC65DC537F1}] => (Allow) C:\Cadence\LicenseManager\lmutil.exe
FirewallRules: [{AEB5A3C8-5C14-43EF-93A8-586FE3CAE4E4}] => (Allow) C:\Cadence\LicenseManager\NEOLINLD.exe
FirewallRules: [{597C0A8C-BBE1-4261-AF5A-6CECA00398AA}] => (Allow) C:\Cadence\LicenseManager\perf_test.exe
FirewallRules: [{2640D3BD-94A7-4EB0-9A61-8E5030BE7489}] => (Allow) C:\Cadence\LicenseManager\platod.exe
FirewallRules: [{E05FC7CF-3FAE-4984-8BCB-C39B3D188597}] => (Allow) C:\Cadence\LicenseManager\qtdaemon.exe
FirewallRules: [{E32C8EB2-0B43-4FCA-8CA1-BDB8BFD597AE}] => (Allow) C:\Cadence\LicenseManager\qtrekd.exe
FirewallRules: [{6BF5FE04-7267-46AC-A296-3F9B1563BCA8}] => (Allow) C:\Cadence\LicenseManager\sigrity.exe
FirewallRules: [{130300EB-A780-4433-BAF6-3BDF546C960D}] => (Allow) C:\Cadence\LicenseManager\simplexlmd.exe
FirewallRules: [{97BC7862-DE89-46A5-B533-AA156921C43A}] => (Allow) C:\Cadence\LicenseManager\spdaemon.exe
FirewallRules: [{9166CA0A-643F-4DCC-86B8-10D38548442A}] => (Allow) C:\Cadence\LicenseManager\speedd.exe
FirewallRules: [{CE3ADEC4-5480-42F2-8EEA-D0177F52DA9A}] => (Allow) C:\Cadence\LicenseManager\verisityd.exe
FirewallRules: [{DE8BDC17-A35B-4A3A-AE69-6DFF3B80FF78}] => (Allow) C:\Cadence\LicenseManager\verplex.exe
FirewallRules: [{885066B9-A617-43B3-849B-024B112B43E3}] => (Allow) C:\Cadence\LicenseManager\flexid\FLEXId_Dongle_Driver_Installer.exe
FirewallRules: [{599F0879-D0CB-43B5-B06F-51048DAE2042}] => (Allow) LPort=5280
FirewallRules: [{6BE42C5F-21FC-425A-A765-06B677794261}] => (Allow) LPort=3000
FirewallRules: [{7B00D475-ADEB-44BF-A037-4C3CEA2DCF7B}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{19D639C1-FF3D-446E-8C23-61BDD9FBC0A2}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{505CC45A-F556-4C86-B79D-41E73757CDE9}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{DA6CD2F2-89D6-4914-AFFC-029891698104}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{6CF65C96-A4FE-4B3A-B8E2-A4566DDDD0A8}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\allegro_viewer_plus.exe
FirewallRules: [{7C3DD1D1-018B-442C-BF58-A4504D858DA5}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\smpd.exe
FirewallRules: [{7D7E93AD-485E-4680-9509-6D63C994AC24}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\mpiexec.exe
FirewallRules: [{309039C0-4646-491A-A8CC-CBEC9B2A86A7}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\ems3d.exe
FirewallRules: [{02C4F160-7E7F-4160-B041-1BD2E18E539E}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\sigwave.exe
FirewallRules: [{01E0FF13-A363-40BC-A341-E3D99AD4AAAB}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\sigxsect.exe
FirewallRules: [{A14FA83B-E5C7-4A46-9BA8-FD415E8F6191}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\productserver.exe
FirewallRules: [{DD7786D7-FD93-445B-A709-909DEC2EEEA9}] => (Allow) C:\Cadence\SPB_16.6\openaccess\bin\win32\opt\oadmturboserver.exe
FirewallRules: [{D9A4D724-4F75-42EC-B0D2-214C2DADD602}] => (Allow) C:\Cadence\SPB_16.6\OpenAccess\bin\win32\opt\oaFSLockD.exe
FirewallRules: [{09017CDC-756A-42B6-8E7D-36FAFBF48989}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsmsgserver.exe
FirewallRules: [{D7424CAA-B8A1-4B3F-B8D6-E6BE0696E5EE}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsnameserver.exe
FirewallRules: [{C6E8715E-BE35-4A63-A062-F08AC3F966AF}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsmps.exe
FirewallRules: [{4CF16326-D786-4C10-9002-449787F237A5}] => (Allow) C:\Cadence\SPB_16.6\tools\jre\bin\javaw.exe
FirewallRules: [{9DCB6497-1C08-4A67-98BC-DBACD9180841}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\clsbd.exe
FirewallRules: [{59C914B3-CFAC-4781-979F-905F996B1B93}] => (Allow) C:\Cadence\SPB_16.6\tools\capture\Capture.exe
FirewallRules: [{E2959A53-7C6D-4B17-8B65-65BD4FB0F422}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\allegro_viewer_plus.exe
FirewallRules: [{D87F4CA9-970F-4431-ACDC-DEF68D5A647A}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\smpd.exe
FirewallRules: [{49B2B1C6-C553-4319-9AE8-12E853F61A03}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\mpiexec.exe
FirewallRules: [{6EBF4842-A55C-4FB5-B5A0-A3583E155864}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\ems3d.exe
FirewallRules: [{93B312CA-4209-47C5-82F5-8949B962F69F}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\sigwave.exe
FirewallRules: [{762D2BAF-AC5A-4444-9FE1-D52EE4EF92FB}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\sigxsect.exe
FirewallRules: [{BCA6D5B4-A6B9-4378-8AF7-AC059623F366}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\productserver.exe
FirewallRules: [{416BDDB0-4669-40EE-859F-6FC319866675}] => (Allow) C:\Cadence\SPB_16.6\openaccess\bin\win32\opt\oadmturboserver.exe
FirewallRules: [{5115B35F-9D33-4B57-8B06-D53B0AD5A71D}] => (Allow) C:\Cadence\SPB_16.6\OpenAccess\bin\win32\opt\oaFSLockD.exe
FirewallRules: [{E1DEB440-102B-43C1-81EA-E913AD4247F6}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsmsgserver.exe
FirewallRules: [{FCA72E91-3A27-4A85-9F84-0AD147846C9C}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsnameserver.exe
FirewallRules: [{B5D2E1F1-ECFC-4E45-815D-38E356B5290B}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsmps.exe
FirewallRules: [{F87A8DEE-FC3B-4528-B587-8D8D4EF08C43}] => (Allow) C:\Cadence\SPB_16.6\tools\jre\bin\javaw.exe
FirewallRules: [{D4D1ACB2-B3DD-4613-BA6B-2C475D5952D0}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\clsbd.exe
FirewallRules: [{843905F1-75DC-4452-822C-5B57006C30C6}] => (Allow) C:\Cadence\SPB_16.6\tools\capture\Capture.exe
FirewallRules: [TCP Query User{9D0B4F68-E621-4D9A-B919-39575F4F5FA2}C:\lscc\icecube2.2013.12\synpbase\win64\mbin\synbatch.exe] => (Block) C:\lscc\icecube2.2013.12\synpbase\win64\mbin\synbatch.exe
FirewallRules: [UDP Query User{D22177B9-D13A-4921-990E-BCD8C0CA9890}C:\lscc\icecube2.2013.12\synpbase\win64\mbin\synbatch.exe] => (Block) C:\lscc\icecube2.2013.12\synpbase\win64\mbin\synbatch.exe
FirewallRules: [TCP Query User{57B4CE68-6016-4139-9DFF-3B54CE5E730E}C:\lscc\icecube2.2013.12\sbt_backend\bin\win32\opt\oafslockd.exe] => (Block) C:\lscc\icecube2.2013.12\sbt_backend\bin\win32\opt\oafslockd.exe
FirewallRules: [UDP Query User{47EDF94D-1651-4A3C-8798-7BC9E2268E7A}C:\lscc\icecube2.2013.12\sbt_backend\bin\win32\opt\oafslockd.exe] => (Block) C:\lscc\icecube2.2013.12\sbt_backend\bin\win32\opt\oafslockd.exe
FirewallRules: [TCP Query User{05173327-69C7-44DF-A68B-DC22F6526845}C:\program files (x86)\altium\ad14\dxp.exe] => (Block) C:\program files (x86)\altium\ad14\dxp.exe
FirewallRules: [UDP Query User{E23A47BB-9F3D-42C1-917A-FB64A8FA365D}C:\program files (x86)\altium\ad14\dxp.exe] => (Block) C:\program files (x86)\altium\ad14\dxp.exe
FirewallRules: [TCP Query User{99D8037F-4C86-4A9E-8E94-ACF716345BB1}C:\lscc\icecube2.2014.04\synpbase\win64\mbin\synbatch.exe] => (Block) C:\lscc\icecube2.2014.04\synpbase\win64\mbin\synbatch.exe
FirewallRules: [UDP Query User{AA3BB7D5-D1B6-4E68-A0CA-24A996349C45}C:\lscc\icecube2.2014.04\synpbase\win64\mbin\synbatch.exe] => (Block) C:\lscc\icecube2.2014.04\synpbase\win64\mbin\synbatch.exe
FirewallRules: [{9E953F69-68C6-4548-BF97-58A548B99FFA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9B3FBFC0-4F78-4F66-B410-06DCE87602C2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{8D11FBF6-3602-4773-9165-D613C12FB349}C:\lscc\icecube2.2014.04\sbt_backend\bin\win32\opt\oafslockd.exe] => (Block) C:\lscc\icecube2.2014.04\sbt_backend\bin\win32\opt\oafslockd.exe
FirewallRules: [UDP Query User{E38EDD18-6454-453B-8E20-D3720449D778}C:\lscc\icecube2.2014.04\sbt_backend\bin\win32\opt\oafslockd.exe] => (Block) C:\lscc\icecube2.2014.04\sbt_backend\bin\win32\opt\oafslockd.exe
FirewallRules: [TCP Query User{D5DA818C-7D6B-4598-BAD4-4B2DE36D4F94}C:\program files (x86)\altium\ad14.3\dxp.exe] => (Block) C:\program files (x86)\altium\ad14.3\dxp.exe
FirewallRules: [UDP Query User{F57918FC-D168-4EB8-AD81-8BA7B99B55EC}C:\program files (x86)\altium\ad14.3\dxp.exe] => (Block) C:\program files (x86)\altium\ad14.3\dxp.exe
FirewallRules: [TCP Query User{2ECFFFD6-3C2A-41F9-AA77-AD0DC585E771}C:\program files (x86)\altium\ad15\dxp.exe] => (Block) C:\program files (x86)\altium\ad15\dxp.exe
FirewallRules: [UDP Query User{619140EC-C8B8-49BB-AC1A-A3C240AAF9CA}C:\program files (x86)\altium\ad15\dxp.exe] => (Block) C:\program files (x86)\altium\ad15\dxp.exe
FirewallRules: [{CFE9E6DD-9F57-4498-9D4C-161A46D13E42}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{1477EE7E-3503-41E7-A6D4-1CEF56E0F3B7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{CD873B83-E193-4C0E-81B9-39B2B7674925}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{2F67A73C-0A10-4478-827E-7EB4CFF8CAAE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EF32E540-E5C0-4B2B-8491-3FC21C707B73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1A6DF675-833E-45D4-BE47-D62A210281AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{907AF18A-8018-44F6-B6E3-0157223A3B7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{43F6AC3E-93CA-469F-968A-85001C5FCD9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BA6FDF24-B8A4-4641-9D8C-1750F3DDDD15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{050EA5C4-A6F1-4800-92A7-F7C428329E31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AAA1FB51-D0D0-4D64-BC5B-B8E288945103}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{92638B0D-DD2C-4CEC-BABE-20FD1BCE2F16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA6B6DFD-4F48-44A3-AB2B-F980D744AE12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{88781376-EDA3-4420-8E78-4B86BB7A2162}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D6F1D5C-8DA1-4264-8712-9119DAE61BDC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53249F23-77B1-465F-8E59-3014148067EE}] => (Allow) LPort=9089
FirewallRules: [{49EC3B3E-8EA5-468A-B759-A7C2187DDED0}] => (Allow) LPort=56789
FirewallRules: [{27FB5AC3-B00A-400C-93C3-9E729E4798ED}] => (Allow) C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{57DC5892-DA52-4046-A7AC-8AB65B37652F}C:\xilinx\14.7\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe] => (Block) C:\xilinx\14.7\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe
FirewallRules: [UDP Query User{72A67AD3-B44C-4E4B-A776-1F3B577CED87}C:\xilinx\14.7\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe] => (Block) C:\xilinx\14.7\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe
FirewallRules: [TCP Query User{6E4B7DDD-25CB-44B6-A531-E4CC60973FE0}C:\program files (x86)\altium\ad16\dxp.exe] => (Block) C:\program files (x86)\altium\ad16\dxp.exe
FirewallRules: [UDP Query User{CA0F970C-C4D0-4D5C-8B40-F88AB16669DD}C:\program files (x86)\altium\ad16\dxp.exe] => (Block) C:\program files (x86)\altium\ad16\dxp.exe
FirewallRules: [{F619195C-9547-4FED-8940-03AE6918928B}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{6A5A3216-FF39-4EBF-A90D-2AF2E9FD2789}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{B94DD145-A8C1-4AB5-BE9A-C7B8A3ABAC63}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{39872CEC-A93F-48DB-BB4E-8E3F5F782710}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{10441A4B-3110-4A79-8D28-8CBA6A723BFE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1EE132C3-D764-4D6A-88FF-FAF277599FA0}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

24-06-2016 08:36:04 Windows Update
24-06-2016 11:44:34 Windows Update
28-06-2016 09:48:23 Windows Update
05-07-2016 10:07:52 Scheduled Checkpoint
06-07-2016 08:41:01 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2016 07:43:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2016 07:14:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (07/08/2016 07:14:13 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {A8A8B86E-54E5-46F9-9F7D-4DE6921C1E03}

Error: (07/08/2016 07:14:13 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {A8A8B86E-54E5-46F9-9F7D-4DE6921C1E03}

Error: (07/08/2016 10:15:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (07/08/2016 10:15:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (07/08/2016 10:15:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2016 10:15:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

Error: (07/08/2016 10:15:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005

Error: (07/08/2016 10:15:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/05/2016 09:59:27 PM) (Source: DCOM) (EventID: 10016) (User: El_Negro)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}El_NegroGPontisS-1-5-21-587778828-1590401162-796269308-1000LocalHost (Using LRPC)

Error: (07/05/2016 09:59:27 PM) (Source: DCOM) (EventID: 10016) (User: El_Negro)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}El_NegroGPontisS-1-5-21-587778828-1590401162-796269308-1000LocalHost (Using LRPC)

Error: (07/05/2016 12:58:20 PM) (Source: DCOM) (EventID: 10016) (User: El_Negro)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}El_NegroGPontisS-1-5-21-587778828-1590401162-796269308-1000LocalHost (Using LRPC)

Error: (07/05/2016 12:58:20 PM) (Source: DCOM) (EventID: 10016) (User: El_Negro)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}El_NegroGPontisS-1-5-21-587778828-1590401162-796269308-1000LocalHost (Using LRPC)

Error: (07/03/2016 10:54:39 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (07/03/2016 10:54:34 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (07/03/2016 10:54:29 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (07/03/2016 10:54:24 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (07/03/2016 10:54:19 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (07/02/2016 07:30:34 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


CodeIntegrity:
===================================
Date: 2013-08-12 08:15:51.179
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-12 08:15:51.159
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-12 08:15:51.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-12 08:15:51.109
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 08:35:12.328
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 08:35:12.308
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 08:35:12.288
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 08:35:12.268
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-29 14:00:10.097
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-29 14:00:10.077
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU E3-1245 V2 @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 16351.1 MB
Available physical RAM: 12272.1 MB
Total Virtual: 32700.39 MB
Available Virtual: 27835.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.84 GB) (Free:238.5 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:665.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 7947C24C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F12B08AA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#5 gpontis

gpontis
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:24 PM

Posted 10 July 2016 - 11:19 AM

Hello nasdaq,

Thanks so much for your help. Eventually I was able to find the source of the outgoing connection attempts. They were coming from a program (PIA) that I no longer use, and the vendor had a good explanation for what it was doing. I uninstalled the program and the connection attempts went away. I think that all is well now.

George



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:24 PM

Posted 10 July 2016 - 01:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



