Something creating folders and junk files on my local drives



#1 gigaboy

Posted 28 January 2017 - 12:42 PM

First of all, thank you for your support!

Haven't had a virus/malware/spyware for about 9 years +, and this one's got me stumped.  I wish I could be more descriptive in the topic title on this.  I've spent several days online searching using various terms without a whole lot of success.

 

Background:  Windows 10 Pro 64-bit, 32 mb RAM, fully patched.  Bit Defender 2017 AV running.  Problem has been going on for a few weeks.  Have a hardware firewall (pfSense), which is properly configured and has been tested against holes.

 

The Problem:  Windows starts normally.  A moment or two after login, a couple of folders appear in each of the connected LOCAL hard drives, with bogus files.  Folders almost always appear at the first and last alphabetical listings, with different junk files in each of the folders (see annotated screenshot, fileexplorer.jpg, attached).

 

If I delete these folders, within a few minutes they reappear, named slightly differently, and with different named bogus files inside each of the folders (the files always seem to have a mix of mdb, doc, docx, xls, xlsx, and a txt file inside).

 

If I do not delete these folders, the files contained within will change at an irregular interval, either on their own, or by a cold or warm reboot.

 

These do not appear to affect system performance much.  I found a lot of other malware on the system which I have (I think) removed (more on that in a moment).

 

What I've Done to Attempt Removal:  When I first discovered this, the system was running somewhat slow and sometimes jerky responsiveness (moving the mouse or typing).  I have used the following tools (sometimes repeatedly), which has made the system responsive, but has not removed the problem that has initiated this forum request.  These are shown in no particular order.

  • Malwarebytes
  • Hitman Pro
  • Ad-Aware
  • Bit Defender Total Security 2017 (my default AV), full scan
  • CCleaner (registry cleaner and crap cleaner)
  • Jv16 Power Tools (registry cleaner)
  • Trend Micro Security (temporarily removed Bit Defender, and ran a full scan)
  • ByteFence
  • CKScanner
  • Emsisoft Emergency Kit
  • Eset Poweliks Cleaner
  • Windows Malicious Software Removal Tool
  • Junkware removal tool
  • AdwCleaner
  • Farbar Recovery Scanner
  • Temp File Cleaner
  • Microsoft Safety Scanner
  • RKill
  • TDSSKiller (Kaspersky)
  • Eset Scanner

I've also looked for any running processes that would be suspect, using Task Manager and SysInternals Suite (didn't find any).  Also, looked at Event Viewer, a lot of errors there, but I could corroborate those to the problem at hand.  Unless there's something directly applicable to Event Viewer that relates to this problem, I'll deal with that later.

 

The FRST.txt log is below.  Thanks again for your help!!

Mark

 

+++++++++++++++++++++++++

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by Mark (administrator) on MARK-PC (28-01-2017 10:52:27)
Running from C:\Users\Mark\Desktop\Utilities\Security\Security Tools
Loaded Profiles: Mark (Available Profiles: Mark)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Launch8\Launch8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Launch8\Launch8_64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Program Files\UCT\HDR Express\HDRExpressService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
() C:\Program Files\Everything\Everything.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(SanDisk) C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.15\AsusFanControlService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.23\aaHMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
() C:\Program Files (x86)\DavidRM Software\The Journal 7\Journal7.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\SnagPriv.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
() C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
() C:\Program Files (x86)\TaskCoach\taskcoach.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\SnagitEditor.exe
() C:\Program Files\Everything\Everything.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\PLTHub.exe
(Acresso Corporation) F:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxcr.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(FastStone Soft) C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
(Proxima Software) C:\Program Files (x86)\FontExpert\FontExpert.exe
(Micro Fox Software) C:\Program Files (x86)\Screen Ruler\sruler.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\ONENOTE.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\InDesign.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe InDesign CC 2017\Resources\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Users\Mark\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Swiftpage ACT! LLC) C:\Program Files (x86)\ACT\Act for Windows\Act!.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
(Ventis Media Inc.) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [jv16 PT 2017 (System Startup Check)] => C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe [329112 2017-01-15] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [jv16 PT 2017 (Startup Optimizer)] => C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe [329112 2017-01-15] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [FontExpertType1Loader] => C:\Program Files (x86)\FontExpert\Type1Loader.exe [382496 2016-09-30] (Proxima Software)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [38288 2012-07-17] (Mindjet)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [18944 2015-02-20] (Swiftpage ACT! LLC)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [268984 2015-02-20] (Swiftpage ACT! LLC)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [588288 2016-01-08] (Nikon Corporation)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-706286989-1995884848-404660261-1001\...\Run: [IBP] => [X]
HKU\S-1-5-21-706286989-1995884848-404660261-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [694136 2016-12-06] (GP Software)
HKU\S-1-5-21-706286989-1995884848-404660261-1001\...\Run: [Amazon Music] => C:\Users\Mark\AppData\Local\Amazon Music\Amazon Music Helper.exe [3493864 2017-01-11] ()
HKU\S-1-5-21-706286989-1995884848-404660261-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-706286989-1995884848-404660261-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-706286989-1995884848-404660261-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-706286989-1995884848-404660261-1001\...\Policies\Explorer: [NoDrives] 2
HKU\S-1-5-21-706286989-1995884848-404660261-1001\...\MountPoints2: {0ef54511-c3f4-11e6-9bce-f832e4bed24a} - "M:\VZW_Software_upgrade_assistant.exe" 
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1808248 2016-12-06] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [381304 2016-12-06] (GP Software)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2016-12-26]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-01-08]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-12-25]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-12-25]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-12-25]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\The Journal 7.lnk [2016-12-23]
ShortcutTarget: The Journal 7.lnk -> C:\Program Files (x86)\DavidRM Software\The Journal 7\Journal7.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSC_SI_13.lnk [2017-01-24]
ShortcutTarget: TSC_SI_13.lnk -> C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Startup).lnk [2016-12-22]
ShortcutTarget: Directory Opus (Startup).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lookeen.lnk [2016-12-26]
ShortcutTarget: Lookeen.lnk -> C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch.exe ()
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Task Coach.lnk [2016-12-23]
ShortcutTarget: Task Coach.lnk -> C:\Program Files (x86)\TaskCoach\taskcoach.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{8ea44489-2dea-4ea2-9337-d54205cbb74d}: [DhcpNameServer] 208.67.222.222 208.67.220.220
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-706286989-1995884848-404660261-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll [2012-07-17] (Mindjet)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2015-02-27] (Intuit, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
 
FireFox:
========
FF DefaultProfile: 0tlckiof.default
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default [2017-01-26]
FF Extension: (Download Manager (S3)) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default\Extensions\s3download@statusbar.xpi [2016-12-23]
FF Extension: (All-in-One Sidebar) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2016-12-23]
FF Extension: (Empty Cache Button) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2016-12-23]
FF Extension: (Video DownloadHelper) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-09]
FF Extension: (Flash and Video Download) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-01-09]
FF Extension: (Web Developer) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-12-23]
FF Extension: (Tab Mix Plus) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-12-23]
FF Extension: (DownThemAll!) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0tlckiof.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-23]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-12]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-01-19]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-24] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-01-08] (LastPass)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-24] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2015-12-21] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-01-08] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-706286989-1995884848-404660261-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mark\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-19] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://www.trendmicro.com/favicon.ico
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll => No File
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default [2017-01-28]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-01-25]
CHR Extension: (Web Developer) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-01-26]
CHR Extension: (Adguard AdBlocker) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-01-26]
CHR Extension: (OneTab) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-01-25]
CHR Extension: (PerfectPixel by WellDoneCode) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkaagdgjmgdmbnecmcefdhjekcoceebi [2017-01-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-25]
CHR Extension: (Accessibility Developer Tools) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkknkljclfencbdbgkenhalefipecmb [2017-01-26]
CHR Extension: (Bitdefender Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-01-26]
CHR Extension: (OneNote Web Clipper) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2017-01-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-27]
CHR Extension: (WORM_OTORUN.XXQK - Threat Encyclopedi...) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kokboemjghjohbohpdadekehocmklgmd [2017-01-25]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2017-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2017-01-26]
CHR Extension: (Print Friendly & PDF) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-01-26]
CHR Extension: (Check My Links) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2017-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-25]
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-25]
CHR Extension: (Context) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aalnjolghjkkogicompabhhbbkljnlka [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-30]
CHR Extension: (ShowIp) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agoljmemkbciolpigpabjfkagboolkcj [2016-10-30]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-10-30]
CHR Extension: (Signal Private Messenger) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bikioccmkafdpakkkcpdbppfkghcmihk [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Bible) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boljbeanmjklkbfnppfedajbgeongccb [2016-10-30]
CHR Extension: (OneTab) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-10-30]
CHR Extension: (Clear Cache) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2016-10-30]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-10-30]
CHR Extension: (Session Buddy) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-10-30]
CHR Extension: (WebRTC Leak Prevent) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2016-10-30]
CHR Extension: (Video Downloader professional) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-10-30]
CHR Extension: (Avast SafePrice) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-30]
CHR Extension: (Full Screen Weather) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2016-10-30]
CHR Extension: (EditThisCookie) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-10-30]
CHR Extension: (HTTPS Everywhere) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Click&Clean) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-10-30]
CHR Extension: (Avast Online Security) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-30]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2016-10-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm [2016-10-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-10-30]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ikmbfplognnkimohjlbkandjcgclnele [2016-10-30]
CHR Extension: (Cookies) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-10-30]
CHR Extension: (Personal Trainer) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kmgohkgndpahjklgpdihieeedjeneoke [2016-10-30]
CHR Extension: (SeoStack Keyword Tool) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\labjajhkfjfncpiddbgdimcaldgeognn [2016-10-30]
CHR Extension: (Skype) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-30]
CHR Extension: (Wordtracker Scout) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkalodfoplipapmeogaehmiabdhhjapb [2016-10-30]
CHR Extension: (Frontest) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkpidflkblcpnhpfdpgiabaadlfddmbd [2016-10-30]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2016-10-30]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2016-10-30]
CHR Extension: (Is It Cached?) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\naikbjeckbmjhngcejdmcjhoedhckglk [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-30]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-10-30]
CHR Extension: (Cache Hit or Miss) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oldiaemlpkhoeaebcigcpdfdjdhobelo [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-10-30]
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27136 2015-02-20] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27136 2015-02-20] (Microsoft) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2016-12-15] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.23\aaHMSvc.exe [963536 2016-04-18] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-22] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.15\AsusFanControlService.exe [419288 2016-05-27] (ASUSTeK Computer Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-11-29] (Bitdefender)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33520 2015-12-21] (Sanford, L.P.)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
R2 HDRExpressService; C:\Program Files\UCT\HDR Express\HDRExpressService.exe [32440 2012-08-07] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-12-15] (Intel Corporation)
R2 Launch8; C:\Program Files (x86)\Stardock\Launch8\Launch8Srv.exe [274088 2015-08-24] (Stardock Software, Inc)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
S3 MBAMService; C:\LRB\Malwarebytes\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-11] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-11] (NVIDIA Corporation)
R2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1803320 2016-11-01] (Plantronics, Inc.)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1113008 2016-07-27] (Cyber Power Systems, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [251832 2010-12-02] (arvato digital services llc)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2458112 2016-11-30] (Trend Micro Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWoW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
R2 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-12-15] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-01-06] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1526528 2017-01-26] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-12-15] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [309280 2016-11-17] (Bitdefender)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16384 2016-07-16] (Microsoft Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-01-25] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81232 2016-12-15] (Insecure.Com LLC.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-11] (NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [126080 2015-10-20] (High Criteria inc.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-24] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U4 npcap_wifi; no ImagePath
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 09:22 - 2017-01-28 09:22 - 00000122 _____ C:\Users\Mark\Downloads\10 - Start A Fire.m3u
2017-01-28 09:08 - 2017-01-28 09:08 - 00511043 _____ C:\Users\Akrxr\GLCwnPapZ.xlsx
2017-01-28 09:08 - 2017-01-28 09:08 - 00508059 _____ C:\Users\QmDRs\covering-fighting-convinced.xlsx
2017-01-28 09:08 - 2017-01-28 09:08 - 00212919 _____ C:\Users\Akrxr\pianofamiliardesignedelder.mdb
2017-01-28 09:08 - 2017-01-28 09:08 - 00205913 _____ C:\Users\QmDRs\solely_transform_influence.mdb
2017-01-28 09:08 - 2017-01-28 09:08 - 00076119 _____ C:\Users\Akrxr\hggnUwhGJA.xls
2017-01-28 09:08 - 2017-01-28 09:08 - 00071846 _____ C:\Users\QmDRs\cooperation sleeping admission material.xls
2017-01-28 09:08 - 2017-01-28 09:08 - 00051160 _____ C:\Users\Akrxr\VNwv.pem
2017-01-28 09:08 - 2017-01-28 09:08 - 00050589 _____ C:\Users\QmDRs\lXcBXmb.pem
2017-01-28 09:08 - 2017-01-28 09:08 - 00033227 _____ C:\Users\Akrxr\qYF.txt
2017-01-28 09:08 - 2017-01-28 09:08 - 00022744 _____ C:\Users\QmDRs\natural frustrate.sql
2017-01-28 09:08 - 2017-01-28 09:08 - 00014811 _____ C:\Users\Akrxr\locked.diameter.marginal.controlling.sql
2017-01-28 09:08 - 2017-01-28 09:08 - 00013159 _____ C:\Users\QmDRs\completelyfreelylanguage.txt
2017-01-28 09:08 - 2017-01-28 09:08 - 00000000 __SHD C:\Users\Mark\Desktop\ This folder protects against ransomware. Modifying it will reduce protection
2017-01-28 09:08 - 2017-01-28 09:08 - 00000000 ___HD C:\Users\QmDRs
2017-01-28 09:08 - 2017-01-28 09:08 - 00000000 ___HD C:\Users\Mark\Documents\Umirror219
2017-01-28 09:08 - 2017-01-28 09:08 - 00000000 ___HD C:\Users\Mark\Documents\ABvalues34
2017-01-28 09:08 - 2017-01-28 09:08 - 00000000 ___HD C:\Users\Akrxr
2017-01-28 09:08 - 2017-01-28 09:08 - 00000000 ____D C:\Z97Fuser70
2017-01-28 09:08 - 2017-01-28 09:08 - 00000000 ____D C:\Alog125
2017-01-27 15:41 - 2017-01-27 15:41 - 00001521 _____ C:\Users\Mark\Downloads\addtrustexternalcaroot.crt
2017-01-27 15:40 - 2017-01-27 15:40 - 00003309 _____ C:\Users\Mark\Downloads\[new]instantssl_26may.ca-bundle
2017-01-27 10:59 - 2017-01-27 10:59 - 00460873 _____ C:\Users\Mark\Downloads\Yealink SIP-T48S Datasheet.pdf
2017-01-27 09:36 - 2017-01-27 09:36 - 02747372 _____ C:\Users\Mark\Downloads\themeforest-12528341-zebre-minimal-agency-porfolio-wp-theme-file-and-license20170127-27599-1mqc7th.zip
2017-01-26 05:17 - 2017-01-26 05:17 - 00056831 _____ C:\ProgramData\dm.1485425823.bdinstall.bin
2017-01-26 05:17 - 2017-01-26 05:17 - 00040699 _____ C:\ProgramData\dm.1485425841.bdinstall.bin
2017-01-26 05:16 - 2017-01-26 05:31 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-01-26 05:16 - 2017-01-26 05:16 - 00382187 _____ C:\ProgramData\cl.1485425676.bdinstall.bin
2017-01-26 05:16 - 2017-01-26 05:16 - 00000684 ____H C:\bdr-cf01
2017-01-26 05:16 - 2017-01-26 05:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-01-26 05:16 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-01-26 05:16 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2017-01-26 05:16 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2017-01-26 05:16 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2017-01-26 05:15 - 2017-01-26 05:16 - 00253404 ____H C:\bdr-ld01
2017-01-26 05:15 - 2017-01-26 05:16 - 00009216 ____H C:\bdr-ld01.mbr
2017-01-26 05:15 - 2016-11-17 05:00 - 00309280 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2017-01-26 05:15 - 2016-10-18 11:51 - 49758588 ____H C:\bdr-im01.gz
2017-01-26 05:15 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2017-01-26 05:14 - 2017-01-26 05:17 - 00000000 ____D C:\Program Files\Bitdefender
2017-01-26 05:14 - 2017-01-26 05:14 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-01-26 05:14 - 2016-10-29 08:54 - 00182944 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-01-26 05:14 - 2016-06-22 14:40 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-01-26 05:12 - 2017-01-26 05:12 - 00029120 _____ C:\ProgramData\agent.1485425561.bdinstall.bin
2017-01-26 04:58 - 2017-01-26 04:58 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-25 22:34 - 2017-01-26 05:09 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-25 22:08 - 2017-01-25 22:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-25 21:36 - 2017-01-25 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2017-01-25 21:36 - 2017-01-25 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2017-01-25 21:36 - 2017-01-25 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-01-25 21:36 - 2017-01-25 21:36 - 00000000 ____D C:\Program Files (x86)\FFMPEG Core Files
2017-01-25 21:36 - 2017-01-25 21:36 - 00000000 ____D C:\Program Files (x86)\ffdshow
2017-01-25 21:36 - 2017-01-25 21:36 - 00000000 ____D C:\Program Files (x86)\AC3Filter
2017-01-25 21:36 - 2017-01-25 21:36 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-01-25 21:36 - 2014-09-29 12:23 - 00112640 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2017-01-25 21:35 - 2017-01-25 22:31 - 00000000 ____D C:\ProgramData\Zoom Player
2017-01-25 21:35 - 2017-01-25 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player
2017-01-25 21:35 - 2017-01-25 21:35 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2017-01-25 21:23 - 2017-01-25 21:23 - 00028060 _____ C:\ProgramData\agent.1485397388.bdinstall.bin
2017-01-25 18:50 - 2017-01-25 18:50 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-25 17:56 - 2017-01-25 17:56 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-01-25 17:31 - 2017-01-25 19:13 - 00000010 _____ C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
2017-01-25 16:52 - 2017-01-25 16:52 - 02870984 _____ (ESET) C:\Users\Mark\Downloads\esetsmartinstaller_enu.exe
2017-01-25 16:24 - 2017-01-26 09:09 - 00000000 ____D C:\Users\Mark\AppData\Local\DP_Tower_3.7
2017-01-25 16:24 - 2017-01-26 05:04 - 00000000 ____D C:\Program Files\Trend Micro
2017-01-25 16:24 - 2017-01-26 05:03 - 00000000 ____D C:\ProgramData\Trend Micro
2017-01-25 16:24 - 2017-01-25 16:35 - 00000000 ____D C:\ProgramData\TMDP_Log
2017-01-25 16:24 - 2017-01-25 16:24 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Trend Micro
2017-01-25 16:24 - 2017-01-25 16:24 - 00000000 ____D C:\ProgramData\TMDP_Setup
2017-01-25 16:24 - 2017-01-25 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2017-01-25 16:23 - 2017-01-25 16:23 - 00000036 _____ C:\Users\Mark\AppData\Local\housecall.guid.cache
2017-01-25 16:08 - 2017-01-25 16:08 - 00003119 _____ C:\Users\Mark\Desktop\WORM_OTORUN.XXQK - Threat Encyclopedi.._.lnk
2017-01-25 10:59 - 2017-01-25 10:59 - 00165376 _____ C:\Users\Mark\Downloads\SystemLook_x64.exe
2017-01-25 10:54 - 2017-01-28 10:52 - 00000000 ____D C:\FRST
2017-01-25 10:40 - 2017-01-25 10:40 - 00003550 _____ C:\Users\Mark\Desktop\Rkill.txt
2017-01-25 10:25 - 2017-01-26 05:02 - 00000000 ____D C:\Users\Mark\AppData\Local\Trend Micro
2017-01-25 10:24 - 2017-01-25 16:25 - 00000000 ____D C:\ProgramData\Trend Micro Installer
2017-01-25 09:13 - 2017-01-25 08:24 - 00000017 _____ C:\Users\Mark\Desktop\Clipboard Text.txt
2017-01-25 07:36 - 2017-01-25 07:35 - 00355473 _____ C:\Users\Mark\Desktop\1485314572_1_02.xml
2017-01-24 21:21 - 2017-01-24 21:21 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2CD93CCC.sys
2017-01-24 21:21 - 2017-01-24 21:21 - 00002092 _____ C:\Users\Public\Desktop\JRT.txt
2017-01-24 21:18 - 2017-01-24 21:18 - 00000000 ____D C:\itok
2017-01-24 21:14 - 2017-01-24 21:18 - 00000000 ____D C:\LRB
2017-01-24 21:14 - 2017-01-24 21:14 - 00000000 ____D C:\Program Files\Fish Software
2017-01-24 21:14 - 2017-01-24 21:14 - 00000000 ____D C:\Bask
2017-01-24 20:34 - 2017-01-24 20:37 - 00000000 ____D C:\EEK
2017-01-24 20:28 - 2017-01-24 20:28 - 28628979 _____ C:\Users\Mark\Downloads\7StepsDSGandDNewman.pdf
2017-01-24 20:28 - 2017-01-24 20:28 - 02679330 _____ C:\Users\Mark\Downloads\7StepsCheatSheet.pdf
2017-01-24 20:10 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 20:10 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 19:56 - 2017-01-24 19:56 - 01865768 _____ (LogMeIn, Inc.) C:\Users\Mark\Downloads\Support-LogMeInRescue.exe
2017-01-24 18:00 - 2017-01-24 18:00 - 00000000 ____D C:\Users\Mark\Documents\Add-in Express
2017-01-24 18:00 - 2017-01-24 18:00 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2017-01-24 16:36 - 2017-01-24 16:36 - 00000000 ____D C:\ProgramData\ProductData
2017-01-24 16:13 - 2017-01-26 09:08 - 00013344 _____ C:\bdlog.txt
2017-01-24 16:04 - 2017-01-24 16:08 - 699286043 _____ C:\Users\Mark\Downloads\GMT20170124-155933_Virtial-me_gallery_1280x720.mp4
2017-01-24 16:04 - 2017-01-24 16:06 - 510366959 _____ C:\Users\Mark\Downloads\GMT20170124-155933_Virtial-me_640x360.mp4
2017-01-24 16:04 - 2017-01-24 16:05 - 45708464 _____ C:\Users\Mark\Downloads\GMT20170124-155933_Virtial-me.m4a
2017-01-24 15:44 - 2017-01-28 10:52 - 11305378 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-24 15:44 - 2017-01-28 10:52 - 10794743 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-24 15:44 - 2017-01-24 15:44 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-24 15:44 - 2017-01-24 15:44 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-01-24 15:44 - 2017-01-24 15:44 - 00000000 ____D C:\Users\Mark\AppData\Local\Zemana
2017-01-24 14:45 - 2017-01-24 16:38 - 00000000 ____D C:\Users\Mark\AppData\Temp
2017-01-24 14:36 - 2017-01-25 10:30 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-01-24 14:23 - 2017-01-24 14:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-24 14:23 - 2017-01-24 14:23 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-24 14:13 - 2017-01-24 14:13 - 00000000 ____D C:\Users\Mark\Documents\Snagit
2017-01-24 13:57 - 2017-01-24 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2017-01-23 15:18 - 2017-01-23 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-23 15:06 - 2017-01-24 13:57 - 00004090 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Keepalive
2017-01-23 15:06 - 2017-01-24 13:57 - 00003196 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Autostart
2017-01-23 15:06 - 2017-01-23 15:06 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Cybereason
2017-01-23 15:06 - 2017-01-23 15:06 - 00000000 ____D C:\Users\Mark\AppData\Local\Cybereason
2017-01-23 15:06 - 2017-01-23 15:06 - 00000000 ____D C:\ProgramData\Cybereason
2017-01-23 15:06 - 2017-01-23 15:06 - 00000000 ____D C:\Program Files (x86)\Cybereason
2017-01-22 17:45 - 2017-01-28 10:00 - 00000618 _____ C:\Users\Mark\AppData\Roaming\pacemaker.ini
2017-01-22 17:45 - 2017-01-22 17:45 - 00000010 _____ C:\Users\Mark\AppData\Roaming\pacemaker_songparams.txt
2017-01-22 17:38 - 2017-01-22 17:38 - 00450893 _____ C:\Users\Mark\Downloads\PaceMaker plug-in install 2.7.3.exe
2017-01-22 13:26 - 2017-01-22 13:26 - 00000000 ____D C:\ProgramData\Nikon
2017-01-22 12:49 - 2017-01-22 12:49 - 00001024 _____ C:\.rnd
2017-01-22 12:49 - 2017-01-22 12:49 - 00000000 ____D C:\ProgramData\Paessler
2017-01-22 12:49 - 2017-01-22 12:49 - 00000000 ____D C:\Program Files\WinPcap
2017-01-20 22:12 - 2017-01-21 17:51 - 713031680 _____ C:\Users\Mark\Downloads\CentOS-7-x86_64-Minimal-1611.iso
2017-01-20 12:55 - 2017-01-20 12:55 - 00000000 ____D C:\Users\Mark\AppData\Local\KeyMissionUtility
2017-01-20 12:54 - 2017-01-20 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2017-01-20 12:54 - 2017-01-20 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2017-01-20 12:54 - 2017-01-20 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyMission Utility
2017-01-20 12:54 - 2017-01-20 12:54 - 00000000 ____D C:\Program Files (x86)\Nikon
2017-01-20 04:16 - 2017-01-20 04:16 - 00192660 _____ C:\Users\Mark\Downloads\jefferson120201741638.pdf
2017-01-19 16:15 - 2017-01-26 16:47 - 00003816 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-706286989-1995884848-404660261-1001
2017-01-19 16:15 - 2017-01-26 16:47 - 00003720 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-706286989-1995884848-404660261-1001
2017-01-19 16:15 - 2017-01-26 16:47 - 00000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-706286989-1995884848-404660261-1001.job
2017-01-19 16:15 - 2017-01-26 16:47 - 00000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-706286989-1995884848-404660261-1001.job
2017-01-19 16:15 - 2017-01-19 16:15 - 00000000 ____D C:\Users\Mark\AppData\Local\Citrix
2017-01-19 11:40 - 2017-01-19 11:40 - 00000000 ____D C:\Users\Mark\dwhelper
2017-01-19 07:50 - 2017-01-19 07:50 - 02303409 _____ C:\Users\Mark\Downloads\ProsperityPrayer.pdf
2017-01-18 17:30 - 2017-01-20 04:03 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-01-18 17:30 - 2017-01-20 04:03 - 00000000 ____D C:\Users\Mark\AppData\Roaming\AVS4YOU
2017-01-18 17:30 - 2017-01-20 04:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-01-18 17:30 - 2017-01-20 04:03 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2017-01-18 17:30 - 2017-01-18 17:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2017-01-18 17:30 - 2010-05-11 13:17 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2017-01-18 16:39 - 2017-01-28 00:00 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2017-01-18 16:39 - 2017-01-18 16:39 - 00000000 ____D C:\Users\Mark\AppData\Local\PowerPanel Personal Edition
2017-01-18 16:39 - 2017-01-18 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberPower PowerPanel Personal Edition
2017-01-15 17:08 - 2017-01-28 09:08 - 00000400 __RSH C:\ProgramData\ntuser.pol
2017-01-14 15:34 - 2017-01-14 15:37 - 00000000 ____D C:\Program Files\Pulseway
2017-01-14 12:38 - 2017-01-14 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-01-14 12:38 - 2017-01-14 12:38 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-01-14 11:54 - 2017-01-14 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rawrite32
2017-01-14 11:54 - 2017-01-14 11:54 - 00000000 ____D C:\Program Files (x86)\Rawrite32
2017-01-13 10:37 - 2017-01-13 10:37 - 00000000 ____D C:\Program Files\Common Files\RBSoft
2017-01-13 09:56 - 2017-01-13 09:56 - 00001495 _____ C:\Users\Mark\Desktop\Right Click Enhancer Professional.lnk
2017-01-13 09:56 - 2017-01-13 09:56 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Right Click Enhancer Professional
2017-01-13 09:56 - 2017-01-13 09:56 - 00000000 ____D C:\Program Files (x86)\RBSoft
2017-01-13 08:35 - 2017-01-13 08:35 - 00862232 _____ C:\Users\Mark\Downloads\Statement_Jan 2017.pdf
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 16:38 - 2017-01-11 16:38 - 00000000 ____D C:\Users\Mark\Downloads\_Airdroid
2017-01-10 17:31 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 17:31 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 17:31 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 17:31 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 17:31 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 17:31 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 17:31 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 17:31 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 17:31 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 17:31 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 17:31 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 17:31 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 17:31 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 17:31 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 17:31 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 17:31 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 17:31 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 17:31 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 17:31 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 17:31 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 17:31 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 17:31 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 17:31 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 17:31 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 17:31 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 17:31 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 17:31 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 17:31 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 17:31 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 17:31 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 17:31 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 17:31 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 17:31 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 17:31 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 17:31 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 17:31 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 17:31 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 17:31 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 17:31 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 17:31 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 17:31 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 17:31 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 17:31 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 17:31 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 17:31 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 17:31 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 17:31 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 17:31 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 17:31 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 17:31 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 17:31 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 17:31 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 17:31 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 17:31 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 17:31 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 17:31 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 17:31 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 17:31 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 17:31 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 17:31 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 17:31 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 17:31 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 17:31 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 17:31 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 17:31 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 17:31 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 17:31 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 17:31 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 17:31 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 17:31 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 17:31 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 17:31 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 17:31 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 17:31 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 17:31 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 17:31 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 17:30 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 17:30 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 17:30 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 17:30 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 17:30 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 17:30 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 17:30 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 17:30 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 17:30 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 17:30 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 17:30 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 17:30 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 17:30 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 17:30 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 17:30 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 17:30 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 17:30 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 17:30 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 17:30 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 17:30 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 17:30 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 17:30 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 17:30 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 17:30 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 17:30 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 17:30 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 17:30 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 17:30 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 17:30 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 17:30 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 17:30 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 17:30 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 17:30 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 17:30 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 17:30 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 17:30 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 17:30 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 17:30 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 17:30 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 17:30 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 17:30 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 17:30 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 17:30 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 17:30 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 17:30 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 17:30 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 17:30 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 17:30 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 17:30 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 17:30 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 17:30 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 17:30 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 17:30 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 17:30 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 17:30 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 17:30 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 17:30 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 17:30 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 17:30 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 17:30 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 17:30 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 17:30 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 17:30 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 17:30 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 17:30 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 17:30 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 17:30 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 17:30 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 17:30 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 17:30 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 17:30 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 17:30 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 17:30 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 17:30 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 17:30 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 17:30 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 17:30 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 17:30 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 17:30 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 17:30 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 17:30 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 17:30 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 17:30 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 17:30 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 17:30 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 17:30 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 17:30 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 17:30 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 17:30 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 17:30 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 17:30 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 17:30 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 17:30 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 17:30 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 10:39 - 2017-01-09 10:39 - 00000000 ____D C:\Users\Mark\AppData\Local\Macromedia
2017-01-09 10:28 - 2017-01-09 10:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2017-01-09 10:28 - 2017-01-09 10:28 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-01-09 10:28 - 2014-11-26 06:07 - 00118576 _____ C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
2017-01-09 10:28 - 2014-05-22 08:22 - 02738496 ____N C:\WINDOWS\TotalUninstaller.exe
2017-01-09 10:23 - 2014-12-25 23:56 - 00000357 _____ C:\WINDOWS\system32\usp02l.smt
2017-01-09 10:23 - 2014-04-16 03:22 - 00029184 _____ () C:\WINDOWS\system32\usp02l.dll
2017-01-09 10:23 - 2013-05-10 04:48 - 00162136 _____ C:\WINDOWS\system32\usp02ci.exe
2017-01-09 10:23 - 2010-10-20 03:46 - 00089600 _____ (SS) C:\WINDOWS\system32\usp02ci.dll
2017-01-08 10:59 - 2017-01-08 10:59 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2017-01-08 10:59 - 2017-01-08 10:59 - 00000000 ____D C:\Users\Mark\AppData\LocalLow\LastPass
2017-01-08 10:59 - 2017-01-08 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2017-01-08 10:58 - 2017-01-08 10:59 - 00000000 ____D C:\Program Files (x86)\LastPass
2017-01-07 22:23 - 2017-01-07 22:23 - 3630563328 _____ C:\Users\Mark\Downloads\Windows.iso
2017-01-07 21:57 - 2017-01-07 21:57 - 00000000 ___HD C:\$Windows.~WS
2017-01-07 21:57 - 2017-01-07 21:57 - 00000000 ____D C:\$WINDOWS.~BT
2017-01-07 20:26 - 2017-01-22 18:28 - 00000600 _____ C:\Users\Mark\AppData\Local\PUTTY.RND
2017-01-07 20:22 - 2017-01-07 20:28 - 00000000 ____D C:\Users\Mark\Documents\MobaXterm
2017-01-07 20:22 - 2017-01-07 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobaXterm Personal Edition
2017-01-07 20:22 - 2017-01-07 20:22 - 00000000 ____D C:\Program Files (x86)\Mobatek
2017-01-07 14:07 - 2017-01-09 16:09 - 00001794 _____ C:\Users\Mark\AppData\Roaming\SAS7_000.DAT
2017-01-07 14:04 - 2017-01-25 15:35 - 00000000 ___RD C:\Users\Mark\Desktop\Marketing Tools
2017-01-06 11:52 - 2017-01-26 09:09 - 00000000 ____D C:\Users\Mark\Documents\My To-Do Lists
2017-01-06 10:17 - 2017-01-25 10:54 - 00000000 ____D C:\Users\Mark\AppData\LocalLow\Temp
2017-01-06 06:23 - 2017-01-06 06:23 - 00000000 ____D C:\Users\Mark\Documents\Custom Office Templates
2017-01-05 21:41 - 2017-01-15 21:39 - 00000000 ____D C:\Users\Mark\Documents\My Color Impact Palettes
2017-01-04 18:53 - 2017-01-27 03:12 - 00000000 ____D C:\Users\Mark\AppData\Local\Plantronics
2017-01-04 18:53 - 2017-01-04 18:53 - 00000000 ____D C:\ProgramData\Plantronics
2017-01-04 18:53 - 2017-01-04 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantronics
2017-01-04 18:53 - 2017-01-04 18:53 - 00000000 ____D C:\Program Files\DIFX
2017-01-04 18:53 - 2017-01-04 18:53 - 00000000 ____D C:\Program Files\Common Files\Plantronics
2017-01-04 18:53 - 2017-01-04 18:53 - 00000000 ____D C:\Program Files (x86)\Winamp
2017-01-04 18:53 - 2017-01-04 18:53 - 00000000 ____D C:\Program Files (x86)\Plantronics
2017-01-04 18:53 - 2017-01-04 18:53 - 00000000 ____D C:\Program Files (x86)\BroadSoft
2017-01-04 14:15 - 2017-01-04 14:15 - 00001944 _____ C:\Users\Public\Desktop\P-touch Editor 5.1.lnk
2017-01-04 14:15 - 2017-01-04 14:15 - 00000000 ____D C:\Users\Mark\Documents\My Labels
2017-01-04 14:15 - 2017-01-04 14:15 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Brother
2017-01-04 14:15 - 2017-01-04 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
2017-01-04 14:15 - 2017-01-04 14:15 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-01-04 14:15 - 2017-01-04 14:15 - 00000000 ____D C:\Program Files (x86)\Brother
2017-01-04 14:03 - 2017-01-04 14:03 - 00000000 ____D C:\Users\Mark\AppData\Local\Sanford,_L.P
2017-01-04 14:03 - 2017-01-04 14:03 - 00000000 ____D C:\Users\Mark\AppData\Local\DYMO
2017-01-04 14:02 - 2017-01-04 14:02 - 00001225 _____ C:\Users\Public\Desktop\DYMO Label v.8.lnk
2017-01-04 14:02 - 2017-01-04 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
2017-01-04 14:02 - 2017-01-04 14:02 - 00000000 ____D C:\Program Files\Bonjour
2017-01-04 14:02 - 2017-01-04 14:02 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-01-04 14:01 - 2017-01-04 14:01 - 00000000 ____D C:\ProgramData\DYMO
2017-01-04 14:01 - 2017-01-04 14:01 - 00000000 ____D C:\Program Files (x86)\DYMO
2017-01-04 11:34 - 2017-01-04 11:35 - 00000000 ____D C:\Users\Mark\AppData\Roaming\OneNoteGem
2017-01-04 11:34 - 2017-01-04 11:34 - 00000000 ____D C:\Users\Public\Documents\OneNoteGem
2017-01-04 11:34 - 2017-01-04 11:34 - 00000000 ____D C:\Users\Mark\Documents\OneNoteGem
2017-01-04 11:34 - 2017-01-04 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNoteGem
2017-01-04 11:34 - 2017-01-04 11:34 - 00000000 ____D C:\Program Files (x86)\OneNoteGem
2017-01-04 00:25 - 2017-01-04 00:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-03 10:51 - 2017-01-19 12:23 - 00000033 _____ C:\Users\Mark\AppData\Roaming\AdobeWLCMCache.dat
2017-01-03 07:59 - 2017-01-15 08:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\HandBrake
2017-01-03 07:59 - 2017-01-03 07:59 - 00000000 ____D C:\Users\Mark\AppData\Roaming\HandBrake Team
2017-01-03 00:58 - 2017-01-07 14:05 - 00000000 ____D C:\Users\Mark\Documents\My Dragon Profiles
2017-01-02 19:40 - 2017-01-02 19:40 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Nuance
2017-01-02 19:12 - 2017-01-02 19:12 - 00002815 _____ C:\Users\Public\Desktop\Dragon Naturally Speaking.lnk
2017-01-02 19:12 - 2017-01-02 19:12 - 00001915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2017-01-02 19:12 - 2017-01-02 19:12 - 00000000 ____D C:\Users\Mark\AppData\Roaming\FLEXnet
2017-01-02 19:12 - 2017-01-02 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking
2017-01-02 19:12 - 2017-01-02 19:12 - 00000000 ____D C:\ProgramData\Macrovision
2017-01-02 19:12 - 2017-01-02 19:12 - 00000000 ____D C:\Program Files (x86)\Nuance
2017-01-02 19:09 - 2017-01-02 19:09 - 00000000 ____D C:\Users\Mark\Downloads\NaturallySpeaking
2017-01-02 13:00 - 2017-01-02 13:00 - 00000000 ____D C:\Users\Mark\AppData\Roaming\NVIDIA
2017-01-01 22:30 - 2017-01-02 12:25 - 00000000 ____D C:\Users\Mark\AppData\Local\NVIDIA Corporation
2017-01-01 22:30 - 2017-01-01 22:30 - 00000000 ____D C:\Users\Mark\AppData\Local\NVIDIA
2017-01-01 22:28 - 2017-01-01 22:28 - 00003984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-01 22:28 - 2017-01-01 22:28 - 00003956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-01 22:28 - 2017-01-01 22:28 - 00003920 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-01 22:28 - 2017-01-01 22:28 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-01 22:28 - 2017-01-01 22:28 - 00003732 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-01 22:28 - 2017-01-01 22:28 - 00003690 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-01 22:28 - 2017-01-01 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-01 22:28 - 2016-12-11 22:03 - 01854400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-01 22:28 - 2016-12-11 22:03 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-01 22:28 - 2016-12-11 22:03 - 01452480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-01 22:28 - 2016-12-11 22:03 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-01 22:28 - 2016-12-11 22:03 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-01 22:28 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-01-01 22:28 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-01-01 22:28 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-01-01 22:28 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-01-01 22:28 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-01-01 22:28 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-01-01 22:27 - 2017-01-26 09:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-01 22:27 - 2017-01-01 22:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-01 22:27 - 2017-01-01 22:27 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-01 22:27 - 2016-12-11 22:03 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-01-01 22:27 - 2016-12-11 13:47 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-01-01 22:27 - 2016-12-11 13:47 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-01-01 22:27 - 2016-12-11 13:47 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-01-01 22:27 - 2016-12-11 13:47 - 00548408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-01-01 22:27 - 2016-12-11 13:47 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-01-01 22:27 - 2016-12-11 13:47 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-01-01 22:27 - 2016-12-11 13:47 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-01-01 22:27 - 2016-12-11 13:23 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-01 22:27 - 2016-12-09 03:52 - 07639617 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-01-01 22:27 - 2016-09-09 13:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-01 22:27 - 2016-09-09 13:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-01 22:27 - 2016-09-09 13:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-01 22:27 - 2016-09-09 13:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-01 22:26 - 2016-12-11 22:03 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 03474392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 01595456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00801560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00642392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00617696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00212936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-01-01 22:26 - 2016-12-11 22:03 - 00101824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00091584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-01 22:26 - 2016-12-11 22:03 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-01 22:26 - 2016-12-11 22:03 - 00042286 _____ C:\WINDOWS\system32\nvinfo.pb
2017-01-01 22:26 - 2016-12-11 22:03 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-01 22:26 - 2016-12-11 22:03 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-01 22:25 - 2017-01-01 22:25 - 00000000 ____D C:\Users\Mark\Downloads\NVIDIA
2017-01-01 22:22 - 2017-01-01 22:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-01 22:22 - 2017-01-01 22:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-01 09:24 - 2017-01-09 10:28 - 00000000 ____D C:\ProgramData\Samsung
2017-01-01 09:24 - 2017-01-01 09:24 - 00000000 ____D C:\Program Files\Samsung
2017-01-01 09:24 - 2016-09-05 05:47 - 00165504 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-01-01 09:24 - 2016-09-05 05:47 - 00131712 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 10:52 - 2011-02-27 17:25 - 00000000 ____D C:\Users\Mark\Documents\Outlook Files
2017-01-28 10:42 - 2016-12-22 12:12 - 00000000 ____D C:\Users\Mark\AppData\Roaming\MediaMonkey
2017-01-28 10:32 - 2016-12-23 21:08 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Mp3tag
2017-01-28 10:11 - 2016-12-25 17:30 - 00000000 ____D C:\Users\Mark\Documents\SnagIt Library
2017-01-28 10:11 - 2016-12-24 22:30 - 00000000 ____D C:\Users\Mark\Documents\FinePrint files
2017-01-28 10:11 - 2016-12-15 17:10 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-01-28 10:00 - 2016-12-22 13:41 - 00000000 ____D C:\Users\Mark\AppData\Local\Amazon Music
2017-01-28 09:41 - 2016-12-24 18:40 - 00000000 ____D C:\Users\Mark\AppData\Local\Adobe
2017-01-28 09:37 - 2016-12-25 09:15 - 00000000 ____D C:\Users\Mark\Documents\AirDroid
2017-01-28 09:21 - 2016-12-15 12:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-28 09:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-28 05:41 - 2016-12-26 05:02 - 00000000 ____D C:\Users\Mark\AppData\Local\Lookeen
2017-01-27 22:37 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 14:11 - 2016-12-15 10:08 - 00000000 ____D C:\Users\Mark\AppData\Local\Packages
2017-01-27 14:10 - 2016-12-23 14:07 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-01-27 14:10 - 2016-12-23 14:07 - 00000000 ____D C:\Users\Mark\AppData\Local\atom
2017-01-27 14:09 - 2016-12-23 14:07 - 00000000 ____D C:\Users\Mark\AppData\Local\SquirrelTemp
2017-01-27 12:00 - 2016-12-23 17:32 - 00000000 ____D C:\ProgramData\TEMP
2017-01-27 08:03 - 2009-11-28 11:56 - 00000000 ____D C:\Users\Mark\Documents\BatchPhoto
2017-01-26 09:15 - 2016-12-15 10:11 - 02073898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-26 09:12 - 2016-12-27 00:45 - 00000000 ___RD C:\Users\Mark\Dropbox
2017-01-26 09:11 - 2016-12-25 09:15 - 00000000 ____D C:\Users\Mark\AppData\Roaming\AirDroid
2017-01-26 09:11 - 2016-12-25 07:26 - 00000000 ___RD C:\Users\Mark\Creative Cloud Files
2017-01-26 09:11 - 2016-12-25 07:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-26 09:09 - 2016-12-23 17:23 - 00000000 ____D C:\Temp
2017-01-26 09:09 - 2016-12-15 12:21 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-26 09:08 - 2016-12-23 13:41 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Task Coach
2017-01-26 09:08 - 2016-12-22 12:32 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Everything
2017-01-26 09:08 - 2016-12-15 12:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-26 09:08 - 2016-07-16 01:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-26 09:04 - 2016-07-16 01:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-01-26 05:31 - 2016-12-15 17:14 - 00000000 ____D C:\ProgramData\Bitdefender
2017-01-26 05:17 - 2016-12-15 17:14 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Bitdefender
2017-01-26 05:17 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-26 05:15 - 2016-12-22 13:46 - 00000000 ____D C:\Users\Mark\AppData\Roaming\KeePass
2017-01-25 21:36 - 2016-12-23 12:41 - 00000000 ____D C:\Program Files (x86)\3DYD Youtube Source
2017-01-25 21:35 - 2016-12-23 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2017-01-25 21:35 - 2016-12-23 12:41 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2017-01-25 21:14 - 2016-12-16 09:52 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-25 21:14 - 2016-12-16 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-25 21:07 - 2016-12-15 12:22 - 00000000 ____D C:\Users\Mark
2017-01-25 21:05 - 2009-01-10 20:00 - 00000000 ____D C:\Users\Mark\Documents\My Registry Backups
2017-01-25 18:18 - 2016-12-27 12:13 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools 2017
2017-01-25 17:30 - 2016-12-27 18:40 - 00003366 _____ C:\WINDOWS\System32\Tasks\Object Desktop-S-1-5-21-706286989-1995884848-404660261-1001
2017-01-25 16:34 - 2015-07-10 06:04 - 00000465 _____ C:\WINDOWS\win.ini
2017-01-25 16:22 - 2016-12-23 21:15 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-25 16:22 - 2016-12-23 21:14 - 00000000 ____D C:\Users\Mark\AppData\Roaming\IObit
2017-01-25 16:22 - 2016-12-16 09:49 - 00000000 ___RD C:\Users\Mark\Desktop\Utilities
2017-01-25 16:10 - 2016-12-15 11:37 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-25 16:08 - 2016-12-22 21:25 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-25 16:00 - 2016-12-22 13:44 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2017-01-25 16:00 - 2016-12-22 13:44 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2017-01-25 15:36 - 2016-12-15 12:21 - 05086320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-25 15:35 - 2016-12-25 19:49 - 00000000 ___RD C:\Users\Mark\Desktop\Businesses
2017-01-25 15:35 - 2016-12-25 07:54 - 00000000 ___RD C:\Users\Mark\Desktop\Photo Tools
2017-01-25 15:35 - 2016-12-23 17:27 - 00000000 ___RD C:\Users\Mark\Desktop\Ebooks Writing ELearning
2017-01-25 15:35 - 2016-12-23 14:33 - 00000000 ___RD C:\Users\Mark\Desktop\Audio Tools
2017-01-25 15:35 - 2016-12-23 14:31 - 00000000 ___RD C:\Users\Mark\Desktop\Design Tools
2017-01-25 15:35 - 2016-12-23 14:27 - 00000000 ___RD C:\Users\Mark\Desktop\Video Tools
2017-01-25 15:35 - 2016-12-23 14:09 - 00000000 ___RD C:\Users\Mark\Desktop\Developer Tools
2017-01-25 15:35 - 2016-12-22 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 15:35 - 2016-12-15 15:21 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-25 15:35 - 2015-07-21 15:23 - 00000000 ___RD C:\Users\Mark\Desktop\ACTIVE WORKING FILES
2017-01-25 15:16 - 2016-12-23 21:14 - 00000000 ____D C:\ProgramData\IObit
2017-01-25 10:07 - 2016-12-15 11:36 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-24 23:49 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 21:54 - 2016-12-25 07:52 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2017-01-24 21:24 - 2016-12-15 17:15 - 00000000 ____D C:\ProgramData\BDLogging
2017-01-24 17:34 - 2016-12-23 13:40 - 00000000 ____D C:\Users\Mark\AppData\Roaming\TeamViewer
2017-01-24 16:09 - 2016-12-27 01:23 - 00000000 ____D C:\Users\Mark\Downloads\_Applications
2017-01-24 16:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-24 14:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-24 14:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-24 14:16 - 2016-12-22 21:12 - 00000000 ____D C:\Users\Mark\AppData\LocalLow\Mozilla
2017-01-24 13:17 - 2016-12-15 11:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-24 13:16 - 2016-12-25 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-01-24 12:38 - 2016-12-24 22:49 - 00000000 ____D C:\Users\Mark\Documents\PDF files
2017-01-23 15:18 - 2016-12-27 00:42 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-23 14:38 - 2016-12-23 17:15 - 00000000 ____D C:\Program Files\HeidiSQL
2017-01-20 12:54 - 2016-12-24 08:27 - 00000000 ____D C:\Users\Mark\AppData\Local\Downloaded Installations
2017-01-20 07:47 - 2016-12-16 09:52 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-20 05:24 - 2016-12-25 21:08 - 00000000 ____D C:\Users\Mark\Desktop\To Sort
2017-01-20 04:29 - 2016-12-23 16:00 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-20 04:29 - 2016-12-23 16:00 - 00000000 ____D C:\ProgramData\Oracle
2017-01-20 04:29 - 2016-12-23 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-20 04:29 - 2016-12-23 16:00 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-19 18:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-01-19 16:12 - 2009-01-10 20:00 - 00000000 ____D C:\Users\Mark\Documents\My Self Improvement
2017-01-19 16:01 - 2016-12-24 08:22 - 00000000 ____D C:\Users\Mark\AppData\Local\Mirillis
2017-01-19 13:20 - 2016-12-25 07:51 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-19 12:13 - 2016-12-24 22:20 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Obsidium
2017-01-19 12:13 - 2016-12-24 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxima Software
2017-01-19 12:13 - 2016-12-24 22:20 - 00000000 ____D C:\Program Files (x86)\FontExpert
2017-01-19 11:31 - 2016-12-23 14:14 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Audacity
2017-01-19 11:15 - 2016-12-27 12:13 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2017
2017-01-19 11:15 - 2016-12-27 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2017
2017-01-18 16:07 - 2016-12-15 10:08 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Adobe
2017-01-18 13:02 - 2016-12-25 09:13 - 00000000 ____D C:\Program Files (x86)\AirDroid
2017-01-15 17:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-15 17:08 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-14 15:29 - 2016-12-23 16:07 - 00001708 _____ C:\Users\Mark\advanced_ip_scanner_MAC.bin
2017-01-14 15:29 - 2016-12-23 16:07 - 00000326 _____ C:\Users\Mark\advanced_ip_scanner_Aliases.bin
2017-01-14 09:47 - 2016-12-23 15:59 - 00000000 ____D C:\Users\Mark\Ubiquiti UniFi
2017-01-14 09:47 - 2016-12-23 15:57 - 00000000 ___RD C:\Users\Mark\Desktop\Network  Server Phone Mgmt
2017-01-12 20:14 - 2016-12-25 07:51 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-01-12 20:12 - 2016-12-25 07:52 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 07:19 - 2016-12-27 11:23 - 00000000 ___RD C:\Users\Mark\Desktop\Health Fitness
2017-01-12 06:11 - 2009-01-10 20:02 - 00000000 ____D C:\Users\Mark\Documents\My Icons
2017-01-11 13:10 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 12:31 - 2016-12-24 22:20 - 00000000 ____D C:\Users\Mark\Documents\My Fonts
2017-01-10 19:15 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-10 19:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-10 19:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 19:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-10 19:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 19:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-10 18:19 - 2016-12-15 11:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 12:13 - 2016-12-26 04:41 - 00000000 ____D C:\Users\Mark\Documents\Camtasia Studio
2017-01-09 19:55 - 2016-12-25 07:27 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-01-07 19:46 - 2013-01-24 17:44 - 00000000 ____D C:\Users\Mark\Documents\My Bitvise Profiles
2017-01-07 14:42 - 2016-12-23 23:20 - 00000000 ____D C:\Users\Mark\AppData\Roaming\FileZilla
2017-01-07 13:08 - 2016-12-25 08:39 - 00000000 ____D C:\Program Files\Recuva
2017-01-05 17:41 - 2011-12-06 21:16 - 00000000 ____D C:\Users\Mark\Documents\Kindle Content
2017-01-05 17:23 - 2016-12-25 11:34 - 00000000 ___RD C:\Users\Mark\Desktop\Adobe
2017-01-05 16:23 - 2012-12-29 11:32 - 00000000 ____D C:\Users\Mark\Documents\Brother Labels
2017-01-04 21:31 - 2016-12-27 01:24 - 00000000 ____D C:\Users\Mark\Downloads\_Zip Files
2017-01-04 12:25 - 2015-05-14 07:40 - 00000000 ___RD C:\Users\Mark\AirDroid
2017-01-04 05:01 - 2016-12-25 12:45 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2017-01-03 09:19 - 2016-12-25 07:57 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-01-02 19:12 - 2016-12-25 12:45 - 00000000 ____D C:\ProgramData\Nuance
2017-01-01 22:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Help
2017-01-01 21:55 - 2016-12-15 10:10 - 00000000 __SHD C:\Users\Mark\IntelGraphicsProfiles
2017-01-01 21:04 - 2016-12-15 12:48 - 05129392 _____ C:\WINDOWS\PE_Rom.dll
 
==================== Files in the root of some directories =======
 
2017-01-04 14:01 - 2017-01-04 14:02 - 0046078 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2017-01-08 10:59 - 2017-01-08 10:59 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-12-27 12:13 - 2016-12-27 12:13 - 0000020 ___SH () C:\Users\Mark\AppData\Roaming\1816CA7466166.ind
2016-12-26 05:18 - 2016-12-26 11:48 - 2227000 _____ (Swiftpage ACT LLC                                           ) C:\Users\Mark\AppData\Roaming\act16sp3hf1ss.exe
2016-12-26 05:36 - 2016-12-26 05:36 - 0000000 ____H () C:\Users\Mark\AppData\Roaming\ActUpdate.log
2017-01-03 10:51 - 2017-01-19 12:23 - 0000033 _____ () C:\Users\Mark\AppData\Roaming\AdobeWLCMCache.dat
2016-12-26 05:19 - 2016-12-26 11:50 - 0032545 _____ () C:\Users\Mark\AppData\Roaming\NGEN_AppLog_Install.txt
2016-12-26 05:22 - 2016-12-26 11:48 - 0000531 _____ () C:\Users\Mark\AppData\Roaming\NGEN_AppLog_Uninstall.txt
2017-01-22 17:45 - 2017-01-28 10:00 - 0000618 _____ () C:\Users\Mark\AppData\Roaming\pacemaker.ini
2017-01-22 17:45 - 2017-01-22 17:45 - 0000010 _____ () C:\Users\Mark\AppData\Roaming\pacemaker_songparams.txt
2016-12-27 12:13 - 2016-12-27 12:13 - 0000020 ___SH () C:\Users\Mark\AppData\Roaming\Programs8187ConfigDB.dat
2017-01-07 14:07 - 2017-01-09 16:09 - 0001794 _____ () C:\Users\Mark\AppData\Roaming\SAS7_000.DAT
2016-12-24 19:01 - 2016-12-25 09:46 - 0601088 _____ () C:\Users\Mark\AppData\Roaming\SharedSettings.ccs
2017-01-25 16:23 - 2017-01-25 16:23 - 0000036 _____ () C:\Users\Mark\AppData\Local\housecall.guid.cache
2017-01-07 20:26 - 2017-01-22 18:28 - 0000600 _____ () C:\Users\Mark\AppData\Local\PUTTY.RND
2017-01-25 17:31 - 2017-01-25 19:13 - 0000010 _____ () C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
2016-12-25 11:41 - 2016-12-25 11:41 - 0000000 _____ () C:\Users\Mark\AppData\Local\zenmap.exe.log
2017-01-25 21:23 - 2017-01-25 21:23 - 0028060 _____ () C:\ProgramData\agent.1485397388.bdinstall.bin
2017-01-26 05:12 - 2017-01-26 05:12 - 0029120 _____ () C:\ProgramData\agent.1485425561.bdinstall.bin
2017-01-26 05:16 - 2017-01-26 05:16 - 0382187 _____ () C:\ProgramData\cl.1485425676.bdinstall.bin
2017-01-26 05:17 - 2017-01-26 05:17 - 0056831 _____ () C:\ProgramData\dm.1485425823.bdinstall.bin
2017-01-26 05:17 - 2017-01-26 05:17 - 0040699 _____ () C:\ProgramData\dm.1485425841.bdinstall.bin
2016-12-15 12:21 - 2016-12-15 12:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2006-10-24 07:23 - 2006-10-24 07:23 - 0000000 ____H () C:\ProgramData\sdpsenv.dat
 
Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat
 
 
Some files in TEMP:
====================
2017-01-26 10:03 - 2017-01-26 10:03 - 0702680 _____ (Add-in Express Ltd.) C:\Users\Mark\AppData\Local\Temp\IntResource64.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-21 13:13
 
==================== End of FRST.txt ============================

Edited by hamluis, 28 January 2017 - 12:54 PM.




#2 gigaboy

gigaboy
  • Topic Starter

  • Members
  • 10 posts

Posted 28 January 2017 - 04:39 PM

Don't know why 3 copies of this were posted.  The forums server kept timing out and a Cloudflare error appeared.  Anyway, don't know why the two attachments didn't post earlier, so here they are again.

 

fileexplorer.jpg
 
Attached File  Addition.txt   90.32KB   2 downloads


#3 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,771 posts

Posted 29 January 2017 - 11:33 PM

Post the result of the Malwarebytes' Anti-Malware scan.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#4 gigaboy


Posted 31 January 2017 - 12:17 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/31/17
Scan Time: 12:04 PM
Logfile: mwb.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1144
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: MARK-PC\Mark
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447571
Time Elapsed: 3 min, 3 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#5 gigaboy


Posted 31 January 2017 - 01:09 PM

The scan posted above did not report any problems.  I had the machine turned off for a day, then came back from travel and turned it on.  The folders and files I described were gone.  I thought "Problem Solved!"  - not so fast.  After about 20 minutes of computer use, the folders and files reappeared, perhaps after I opened Chrome browser.  So I reran MWB again and it did find a problem.  So the results are posted below:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/31/17
Scan Time: 1:01 PM
Logfile: mwby.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1144
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: MARK-PC\Mark
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 456073
Time Elapsed: 3 min, 14 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 1
PUM.Optional.NoDrives, HKU\S-1-5-21-706286989-1995884848-404660261-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NODRIVES, No Action By User, [19371], [293343],1.0.1144
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6 Valinorum


Posted 02 February 2017 - 12:31 AM

Sign out of Google Chrome. Perform the following step afterward.
  • Step #1 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 


 


#7 gigaboy


Posted 03 February 2017 - 07:45 AM

Export from eset threats found file:
 
F:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoicesetup_v4.04.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\Users\Mark\Downloads\eisetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\Users\Mark\Downloads\FoxitReader531.0606_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Windows\Downloaded Installations\{D764D5AB-33E4-49F7-A517-5898AB6E5564}\YouSendIt Express.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
\\Gigaboy-s1\O\Downloads\_Audio and Video\Rippers and Encoders\FreeRip\freeripmp3-setup.exe Win32/Adware.ADON potentially unwanted application
\\Gigaboy-s1\O\Downloads\_Microsoft\produkey.zip a variant of Win32/PSWTool.ProductKey.B potentially unsafe application
\\Gigaboy-s1\O\Downloads\__2016-17 File Transfer\ac3filter_2_6_0b.exe Win32/OpenCandy potentially unsafe application
\\Gigaboy-s1\O\Downloads\__2016-17 File Transfer\AppData\Roaming\MetaProducts\Inquiry\Data\cat48\cat190\BA9A4A93-EC1E-4E25-B4BC-B20BE05DD316.iqa JS/Kryptik.BP trojan
\\Gigaboy-s1\O\Websites\Business\dev.markleder.com\index.php PHP/Agent.NFR trojan
\\Gigaboy-s1\O\Websites\_coldfusion files to keep\Downloads\zp851free.exe Win32/OpenCandy potentially unsafe application
\\Gigaboy-s1\O\Websites\_coldfusion files to keep\Downloads\_Server Programs\Freecommander\fc_setup_.zip a variant of Win32/Adware.ADON potentially unwanted application
 
From the Program Log File:
 
 

Edited by gigaboy, 03 February 2017 - 07:50 AM.


#8 Valinorum


Posted 05 February 2017 - 03:14 AM

Re-run ESET with a tick mark on "Remove Found Threats" and post the log. Inform me about your PC's condition.


 


#9 gigaboy


Posted 06 February 2017 - 09:35 PM

F:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
F:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoicesetup_v4.04.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
F:\Users\Mark\Downloads\eisetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
F:\Users\Mark\Downloads\FoxitReader531.0606_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting
F:\Windows\Downloaded Installations\{D764D5AB-33E4-49F7-A517-5898AB6E5564}\YouSendIt Express.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
\\Gigaboy-s1\O\Downloads\_Audio and Video\Rippers and Encoders\FreeRip\freeripmp3-setup.exe Win32/Adware.ADON potentially unwanted application cleaned by deleting
\\Gigaboy-s1\O\Downloads\_Microsoft\produkey.zip a variant of Win32/PSWTool.ProductKey.B potentially unsafe application deleted
\\Gigaboy-s1\O\Downloads\__2016-17 File Transfer\ac3filter_2_6_0b.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
\\Gigaboy-s1\O\Downloads\__2016-17 File Transfer\AppData\Roaming\MetaProducts\Inquiry\Data\cat48\cat190\BA9A4A93-EC1E-4E25-B4BC-B20BE05DD316.iqa JS/Kryptik.BP trojan deleted
\\Gigaboy-s1\O\Websites\Business\dev.markleder.com\index.php PHP/Agent.NFR trojan cleaned by deleting
\\Gigaboy-s1\O\Websites\_coldfusion files to keep\Downloads\zp851free.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
\\Gigaboy-s1\O\Websites\_coldfusion files to keep\Downloads\_Server Programs\Freecommander\fc_setup_.zip a variant of Win32/Adware.ADON potentially unwanted application deleted
 
 
The PC seems to be working fine, so I think we can close this out.
Greatly appreciate your good work and ability to help.
 
BTW:  I think I discovered the problem with the bogus files / folders being created.  It's a "honeypot" used by Cybereason Ransomware preventer.  I'm kinda paranoid about ransomware, as the county government offices in the next town over from me got hit last week.  Couldn't do anything but respond to 911 calls.
 
Mark

Edited by gigaboy, 06 February 2017 - 09:36 PM.


#10 Valinorum


Posted 06 February 2017 - 10:19 PM

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (in most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8/8.1/10 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right hand side of your computer.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.

Regards,
Valinorum


 


#11 gigaboy


Posted 07 February 2017 - 12:11 PM

# DelFix v1.010 - Logfile created 07/02/2017 at 12:09:43
# Updated 26/04/2015 by Xplode
# Username : Mark - MARK-PC
# Operating System : Windows 10 Pro  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #79 [Snagit 13 | 02/02/2017 13:40:54]
Deleted : RP #80 [Installed VirtViewer 5.0-256 (32-bit) | 02/03/2017 19:19:47]
Deleted : RP #82 [Revo Uninstaller's restore point - NVIDIA GeForce Experience 3.3.0.95 | 02/04/2017 20:55:24]
Deleted : RP #84 [Revo Uninstaller's restore point - Right Click Enhancer Professional 4.4.2 | 02/05/2017 14:35:26]
Deleted : RP #86 [Revo Uninstaller's restore point - VirtViewer 5.0-256 (32-bit) | 02/05/2017 14:36:47]
Deleted : RP #87 [Removed VirtViewer 5.0-256 (32-bit) | 02/05/2017 14:36:57]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#12 Valinorum


Posted 07 February 2017 - 09:37 PM

Safe surfing. :)


 




