Farbar Recovery



#1 Rockbro


Posted 06 April 2017 - 04:30 PM

I have run the scan and I believe I need some help with a fixlist.txt file.  Will someone take a look?  Thanks in advance,
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran  (06-04-2017 16:37:38)
Running from C:\Users\\Downloads
Loaded Profiles: (Available Profiles: )
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1344346136-3590594737-479990825-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware2\SUPERAntiSpyware.exe
HKU\S-1-5-21-1344346136-3590594737-479990825-1000\...\Policies\Explorer: [RestrictRun] 0
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\PROGRA~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2013-08-30] (Google)
AppInit_DLLs-x32:  C:\PROGRA~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2013-08-30] (Google)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{259867FE-172C-4133-85D7-DCB9B0357F17}: [DhcpNameServer] 192.168.1.2
Tcpip\..\Interfaces\{3D818A99-E0E9-49FE-B72D-795365BD6F67}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1344346136-3590594737-479990825-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1344346136-3590594737-479990825-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1344346136-3590594737-479990825-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-1344346136-3590594737-479990825-1000 -> {BC26A89D-687D-4627-BE98-61E2BFFFC65D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1344346136-3590594737-479990825-1000 -> {EBCF73BE-4B5E-497F-9EEB-EEB78F7AF87D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Vocalocity Plug-In -> {c020aebe-ae08-48bc-9b23-198365018e24} -> C:\Program Files\Vocalocity\Vocalocity IE Addin\adxloader64.dll [2011-03-24] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-04] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-04] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\4oefep96.default [2017-04-06]
FF Extension: (GoSavE) - C:\Users\Ed \AppData\Roaming\Mozilla\Firefox\Profiles\4oefep96.default\Extensions\AyohK@Y.net [2014-10-14] [not signed]
FF Extension: (GPU Process on Windows (Beta 53)) - C:\Users\Ed \AppData\Roaming\Mozilla\Firefox\Profiles\4oefep96.default\Extensions\gpu-process-beta53@experiments.mozilla.org.xpi [2017-03-28]
FF Extension: (Lightbeam) - C:\Users\Ed \AppData\Roaming\Mozilla\Firefox\Profiles\4oefep96.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2017-03-23]
FF Extension: (TLS 1.3 A/B Test Experiment) - C:\Users\Ed \AppData\Roaming\Mozilla\Firefox\Profiles\4oefep96.default\features\{1fc7a8bc-6eca-4ca7-b72e-ba6d11e61d89}\tls13-comparison-all-v1@mozilla.org.xpi [2017-03-28]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-22] [not signed]
FF HKU\S-1-5-21-1344346136-3590594737-479990825-1000\...\Firefox\Extensions: [firefox@vocalocity.com.org] - C:\Program Files (x86)\Vocalocity\Desktop Tools\Firefox
FF Extension: (Vocalocity) - C:\Program Files (x86)\Vocalocity\Desktop Tools\Firefox [2012-05-02] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1344346136-3590594737-479990825-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ed \AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-1344346136-3590594737-479990825-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ed \AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1344346136-3590594737-479990825-1000: @talk.google.com/O1DPlugin -> C:\Users\Ed \AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1344346136-3590594737-479990825-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1344346136-3590594737-479990825-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1344346136-3590594737-479990825-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ed \AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-01-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ed \AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ed \AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.ceoexpress.com/"
CHR Profile: C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (Google Slides) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Clipchamp - convert, compress, record video) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\delkpojpfkkfgmknffmblbhmlamkjioi [2016-12-04]
CHR Extension: (Vocalocity) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\dnmpgcjajkhehfbgepldcjgpkibflnon [2014-10-13]
CHR Extension: (Google Earth The Instant Way) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme [2015-04-20]
CHR Extension: (Google Sheets) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Click&Clean) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-03-31]
CHR Extension: (AdBlock) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-30]
CHR Extension: (Add Coupons and Cashback - Piggy!) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-04-04]
CHR Extension: (Multiple Images to PDF) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\jmgffnfpmjbignenkflohmgagidjcomp [2015-12-12]
CHR Extension: (Video Converter) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2015-04-20]
CHR Extension: (FreeConferenceCall.com Extension) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2016-09-28]
CHR Extension: (Mailtrack for Gmail & Inbox: Email tracking) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2017-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Texas Holdem Poker) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbaogcpfpkhbmjmefladpimcmfggkjl [2015-04-26]
CHR Extension: (Click&Clean App) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-03-31]
CHR Extension: (Gmail) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR Extension: (ConvertFrom.net - Online Video Converter) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\pkkgokjflcdgonbeppjecnmccbbknide [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dnmpgcjajkhehfbgepldcjgpkibflnon] - C:\Program Files (x86)\Vocalocity\Desktop Tools\Chrome\Chrome.crx [2012-05-02]
StartMenuInternet: Google Chrome - C:\Users\Ed \AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
S4 dlcx_device; C:\Windows\system32\dlcxcoms.exe [561152 2006-10-11] ( )
S4 dlcx_device; C:\Windows\SysWOW64\dlcxcoms.exe [532480 2006-10-11] ( ) [File not signed]
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S4 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-08-30] (Google)
S4 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
S4 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [342544 2012-02-01] (Nitro PDF Software)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
S4 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-16] (Glarysoft Ltd)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-03-08] (Glarysoft Ltd)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [159232 2012-01-30] (HTC Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2014-12-19] (Intel Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-05-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-23] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\System32\DRIVERS\NETwsw01.sys F0EAD8863514E25E62D008C0D752A79F
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys CE5F6E635FE4506AE6F2D6EB87425128
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 624C1453F9109D98F7E2612DAD76BBB1
C:\Windows\System32\DRIVERS\nvkflt.sys 258A5A264C32E494BBAD17A715CBB54F
C:\Windows\System32\DRIVERS\nvlddmkm.sys 017E0B4AEFCB291E7CF1CD4BF120A7A8
C:\Windows\System32\DRIVERS\nvpciflt.sys BED3EDDC4B361B9023022B8ED4B04AEA
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 6C672A80B4FBF160E2814EAE0AB3020B
C:\Windows\System32\drivers\nvvad64v.sys 47E9348591CAACC64E41C9FD88D17A5B
C:\Windows\System32\DRIVERS\nvvhci.sys 61BD2E2560FD1C5E0A8B8738816A0B93
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\Windows\System32\DRIVERS\point64.sys 4F0878FD62D5F7444C5F1C4C66D9D293
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\silabenm.sys 720088AAD691FF1D90BE8EC28727F6CA
C:\Windows\System32\DRIVERS\silabser.sys 77D4F56682AB668DD7D4BD4F1178D3C9
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys EB15C46477EB84B6B520871ED5936CCF
C:\Windows\System32\DRIVERS\srv2.sys 7F4FDC9528BCE6FB919615B6A77D5724
C:\Windows\System32\DRIVERS\srvnet.sys 3F20CD2A11872284BD667DAD6D4801CC
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\DRIVERS\SynTP.sys AAD83760A0887975D8F524B4D2C86060
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\teamviewervpn.sys F5520DBB47C60EE83024B38720ABDA24
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
C:\Windows\System32\DRIVERS\tihub3.sys 68FE3D89829E27D4FD5EEA7BD2C41985
C:\Windows\System32\DRIVERS\tixhci.sys 0102C9633CE1F18A6AC021F28B734DB5
C:\Windows\System32\drivers\TrueSight.sys 0D5A09B08568760AE85A801FCBC0F83D
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C
C:\Windows\system32\drivers\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF
C:\Windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usb80236.sys 54EAFFD31C377C8C1055D33E6B6B4B27
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys CFEAAF96E666E3DCBD8F6DFF516784AE
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\system32\drivers\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-06 15:50 - 2017-04-06 15:51 - 16792584 _____ (Carbonite, Inc.) C:\Users\Ed \Downloads\CarboniteSetup-personal-client.exe
2017-04-06 15:30 - 2017-04-06 15:30 - 00003010 _____ C:\Windows\System32\Tasks\{97095CC0-897F-4A69-A116-B5DCE80BB4F9}
2017-04-06 15:30 - 2017-04-06 15:30 - 00003010 _____ C:\Windows\System32\Tasks\{86418BB2-2563-4760-9B1D-0978B8BA13AB}
2017-04-06 15:30 - 2017-04-06 15:30 - 00003010 _____ C:\Windows\System32\Tasks\{616CF37E-874A-411C-B9DC-282416E8F9AB}
2017-04-06 15:29 - 2017-04-06 15:29 - 00003010 _____ C:\Windows\System32\Tasks\{A1A0FE73-C418-46AE-B6D2-987DA828C499}
2017-04-05 15:31 - 2017-04-05 15:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2
2017-04-05 15:25 - 2017-04-05 15:26 - 00221724 _____ C:\TDSSKiller.3.1.0.12_05.04.2017_15.25.48_log.txt
2017-04-04 16:52 - 2017-04-04 16:52 - 00324152 _____ C:\Windows\Minidump\040417-24429-01.dmp
2017-04-04 16:51 - 2017-04-06 16:12 - 00403116 _____ C:\Windows\ntbtlog.txt
2017-04-04 16:51 - 2017-04-04 16:51 - 602358123 _____ C:\Windows\MEMORY.DMP
2017-04-04 10:48 - 2017-04-04 10:28 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-04 10:26 - 2017-04-04 10:26 - 00738880 _____ (Oracle Corporation) C:\Users\Ed \Downloads\chromeinstall-8u121.exe
2017-04-02 16:33 - 2017-04-02 16:33 - 04089296 _____ C:\Users\Ed \Downloads\adwcleaner_6.045.exe
2017-04-02 16:12 - 2017-04-02 16:13 - 00221248 _____ C:\TDSSKiller.3.1.0.12_02.04.2017_16.12.48_log.txt
2017-03-29 16:23 - 2017-03-29 16:24 - 50934906 _____ C:\Users\Ed \Downloads\As Built Plans.compressed.pdf
2017-03-29 13:59 - 2017-04-03 15:51 - 00004056 _____ C:\wavetsp.out
2017-03-27 19:44 - 2017-03-27 19:44 - 02887787 _____ C:\Users\Ed \Downloads\LNTH_Company Presentation_FINAL_030617.pdf
2017-03-27 17:43 - 2017-03-27 17:43 - 00010578 _____ C:\Users\Ed \Downloads\WF Tally sheet.xlsx
2017-03-24 18:48 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-24 18:48 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-24 18:48 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-24 18:48 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-24 18:48 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-24 18:48 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-24 18:48 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-24 18:48 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-24 18:48 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-23 17:11 - 2017-03-04 13:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-23 17:11 - 2017-03-04 12:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-23 17:11 - 2017-03-04 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-23 17:11 - 2017-03-04 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-23 17:11 - 2017-03-04 04:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-23 17:11 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-23 17:11 - 2017-03-04 04:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-23 17:11 - 2017-03-04 04:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-23 17:11 - 2017-03-04 04:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-23 17:11 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-23 17:11 - 2017-03-04 03:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-23 17:11 - 2017-03-04 03:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-23 17:11 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-23 17:11 - 2017-03-04 03:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-23 17:11 - 2017-03-04 03:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-23 17:11 - 2017-03-04 03:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-23 17:11 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-23 17:11 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-23 17:11 - 2017-03-04 03:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-23 17:11 - 2017-03-04 03:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-23 17:11 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-23 17:11 - 2017-03-04 03:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-23 17:11 - 2017-03-04 03:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-23 17:11 - 2017-03-04 03:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-23 17:11 - 2017-03-04 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-23 17:11 - 2017-03-04 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-23 17:11 - 2017-03-04 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-23 17:11 - 2017-03-04 02:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-23 17:11 - 2017-03-04 02:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-23 17:11 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-23 17:11 - 2017-03-04 02:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-23 17:11 - 2017-03-04 02:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-23 17:11 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-23 17:11 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-23 17:11 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-23 17:11 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-23 17:11 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-23 17:11 - 2017-03-02 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-23 17:11 - 2017-03-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-23 17:11 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-23 17:11 - 2017-03-02 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-23 17:11 - 2017-03-02 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-23 17:11 - 2017-03-02 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-23 17:11 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-23 17:11 - 2017-03-02 13:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-23 17:11 - 2017-03-02 13:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-23 17:11 - 2017-03-02 13:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-23 17:11 - 2017-03-02 13:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-23 17:11 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-23 17:11 - 2017-03-02 13:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-23 17:11 - 2017-03-02 13:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-23 17:11 - 2017-03-02 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-23 17:11 - 2017-03-02 13:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-23 17:11 - 2017-03-02 13:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-23 17:11 - 2017-03-02 13:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-23 17:11 - 2017-03-02 13:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-23 17:11 - 2017-03-02 13:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-23 17:11 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-23 17:11 - 2017-03-02 13:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-23 17:11 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-23 17:11 - 2017-03-02 13:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-23 17:11 - 2017-03-02 13:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-23 17:11 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-23 17:11 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-23 17:11 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-23 17:11 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-23 17:11 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-23 17:11 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-23 17:11 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-23 17:11 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-23 17:11 - 2017-02-10 12:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-23 17:11 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-23 17:11 - 2017-02-10 12:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-23 17:11 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-23 17:11 - 2017-02-09 12:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-23 17:11 - 2017-02-09 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-23 17:11 - 2017-02-09 12:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-23 17:11 - 2017-02-09 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-23 17:11 - 2017-02-09 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-23 17:11 - 2017-02-09 12:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-23 17:11 - 2017-02-09 12:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-23 17:11 - 2017-02-09 12:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-23 17:11 - 2017-02-09 12:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-23 17:11 - 2017-02-09 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-23 17:11 - 2017-02-09 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-23 17:11 - 2017-02-09 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-23 17:11 - 2017-02-09 12:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-23 17:11 - 2017-02-09 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-23 17:11 - 2017-02-09 11:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-23 17:11 - 2017-02-09 11:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-23 17:11 - 2017-02-09 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-23 17:11 - 2017-02-09 11:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-23 17:11 - 2017-02-09 11:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-23 17:11 - 2017-02-09 11:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-23 17:11 - 2017-02-09 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-23 17:11 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-23 17:11 - 2017-02-09 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-23 17:11 - 2017-02-09 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-23 17:11 - 2017-02-09 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-23 17:11 - 2017-02-09 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-23 17:11 - 2017-02-09 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-23 17:11 - 2017-02-09 11:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 11:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 11:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 11:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-23 17:11 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-23 17:11 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-23 17:11 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-23 17:11 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-23 17:11 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-23 17:11 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-23 17:11 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-23 17:11 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-23 17:11 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-23 17:11 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-23 17:11 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-23 17:11 - 2017-01-06 14:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-23 17:11 - 2017-01-06 13:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-23 14:55 - 2017-03-23 14:55 - 00000207 _____ C:\Windows\tweaking.com-regbackup-E-14Z-Windows-7-Ultimate-(64-bit).dat
2017-03-23 14:55 - 2017-03-23 14:55 - 00000000 ____D C:\RegBackup
2017-03-23 14:26 - 2017-03-23 14:26 - 00000000 ___DL C:\Users\Guest\Documents\My Videos
2017-03-23 14:26 - 2017-03-23 14:26 - 00000000 ___DL C:\Users\Guest\Documents\My Pictures
2017-03-23 14:26 - 2017-03-23 14:26 - 00000000 ___DL C:\Users\Guest\Documents\My Music
2017-03-23 14:26 - 2017-03-23 14:26 - 00000000 ___DL C:\Users\Administrator\Documents\My Videos
2017-03-23 14:26 - 2017-03-23 14:26 - 00000000 ___DL C:\Users\Administrator\Documents\My Pictures
2017-03-23 14:25 - 2017-03-23 14:25 - 00000000 ___DL C:\Users\Administrator\Documents\My Music
2017-03-23 14:24 - 2017-03-23 14:24 - 00000000 ___DL C:\Users\Guest\My Documents
2017-03-23 14:24 - 2017-03-23 14:24 - 00000000 ___DL C:\Users\Administrator\My Documents
2017-03-23 14:23 - 2017-03-23 14:23 - 00000000 ___DL C:\Users\Default\Documents\My Videos
2017-03-23 14:23 - 2017-03-23 14:23 - 00000000 ___DL C:\Users\Default\Documents\My Pictures
2017-03-23 14:23 - 2017-03-23 14:23 - 00000000 ___DL C:\Users\Default\Documents\My Music
2017-03-23 14:23 - 2017-03-23 14:23 - 00000000 ___DL C:\Users\Default User\Documents\My Videos
2017-03-23 14:23 - 2017-03-23 14:23 - 00000000 ___DL C:\Users\Default User\Documents\My Pictures
2017-03-23 14:23 - 2017-03-23 14:23 - 00000000 ___DL C:\Users\Default User\Documents\My Music
2017-03-23 13:32 - 2017-03-23 13:33 - 32824320 _____ (Tweaking.com) C:\Users\Ed \Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2017-03-23 13:30 - 2017-03-23 13:35 - 00002165 _____ C:\Users\Ed \Desktop\Tweaking.com - Windows Repair.lnk
2017-03-23 13:30 - 2017-03-23 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-03-23 13:30 - 2017-03-23 13:30 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-03-23 11:57 - 2017-03-23 12:37 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-23 11:55 - 2017-03-23 12:36 - 00000864 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-23 11:55 - 2017-03-23 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-23 11:55 - 2017-03-23 12:36 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-23 11:49 - 2017-03-23 11:50 - 35109888 _____ (Adlice Software ) C:\Users\Ed \Downloads\setup (4).exe
2017-03-23 09:58 - 2017-03-23 10:04 - 00225182 _____ C:\TDSSKiller.3.1.0.12_23.03.2017_09.58.32_log.txt
2017-03-17 15:20 - 2017-04-04 16:45 - 00000000 ____D C:\Users\Ed \AppData\Local\CrashDumps
2017-03-15 13:57 - 2017-03-15 13:57 - 00050799 _____ C:\Users\Ed \Downloads\01241e2b-024f-4a62-add8-9c645a2e376f.pdf
2017-03-15 11:27 - 2017-03-15 11:27 - 00001407 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-03-15 11:27 - 2017-03-15 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-03-15 11:27 - 2017-03-15 11:27 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-03-15 11:26 - 2017-03-15 11:26 - 26157600 _____ C:\Users\Ed \Downloads\SeaToolsforWindowsSetup.exe
2017-03-15 10:41 - 2017-03-15 10:42 - 00225180 _____ C:\TDSSKiller.3.1.0.12_15.03.2017_10.41.11_log.txt
2017-03-14 13:52 - 2017-03-14 13:52 - 00195072 _____ C:\Users\Ed \Downloads\Lesson 9.7 Special Right Triangles with sides labeled a.ppt
2017-03-10 19:27 - 2017-04-06 16:02 - 00002688 _____ C:\Users\Ed \Desktop\Rkill.txt
2017-03-10 17:20 - 2017-03-23 13:35 - 00003668 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-03-10 17:17 - 2017-03-10 17:17 - 32823032 _____ (Tweaking.com) C:\Users\Ed \Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-03-08 17:11 - 2017-03-08 17:11 - 00631401 _____ C:\Users\Ed \Downloads\Statement_Mar 2017.pdf
2017-03-06 14:35 - 2017-03-06 14:37 - 00452056 _____ C:\TDSSKiller.3.1.0.12_06.03.2017_13.35.00_log.txt
2017-03-03 17:22 - 2017-03-03 17:22 - 01760809 _____ C:\Users\Ed \Downloads\Hillary R. Clinton Part 07.pdf
2017-03-03 13:58 - 2017-03-03 13:58 - 00000623 _____ C:\Users\Ed \Downloads\proExponentGood.vbp
2017-03-03 13:29 - 2017-03-03 13:29 - 00320710 _____ C:\Users\Ed \Downloads\NNSA Sigma Training.pdf
2017-03-02 15:57 - 2017-03-02 15:57 - 03426592 _____ C:\Users\Ed \Downloads\Mobile_Engagement.pdf
2017-03-02 11:31 - 2017-03-02 11:39 - 325916587 _____ C:\Users\Ed \Downloads\Windows6.1-KB947821-v12-x64.msu
2017-03-02 10:50 - 2017-03-02 11:04 - 564744309 _____ C:\Users\Ed \Downloads\Windows6.1-KB947821-v34-x64 (2).msu
2017-02-28 12:54 - 2017-02-28 12:54 - 00716700 _____ C:\Users\Ed \Downloads\civiq-press-kit (1).zip
2017-02-28 12:54 - 2017-02-28 12:54 - 00000000 ____D C:\Users\Ed \Downloads\__MACOSX
2017-02-28 12:54 - 2015-08-24 16:08 - 02777566 _____ C:\Users\Ed \Downloads\logo_vert_all.eps
2017-02-28 12:54 - 2015-08-24 13:50 - 02132026 _____ C:\Users\Ed \Downloads\logo_horz_all.eps
2017-02-28 12:52 - 2017-02-28 12:52 - 00716700 _____ C:\Users\Ed \Downloads\civiq-press-kit.zip
2017-02-27 10:42 - 2017-02-27 10:52 - 00228400 _____ C:\TDSSKiller.3.1.0.12_27.02.2017_09.42.40_log.txt
2017-02-22 18:53 - 2017-02-22 18:53 - 00002138 _____ C:\Users\Public\Desktop\Carbonite.lnk
2017-02-22 18:53 - 2017-02-22 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2017-02-17 10:42 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-02-17 10:42 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-16 19:59 - 2017-02-16 19:59 - 00000000 ____D C:\Windows\TempADEA4619-B0ED-885F-4EFD-23BA500E28F9-Signatures
2017-02-16 19:20 - 2017-02-16 19:21 - 00228526 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_18.20.16_log.txt
2017-02-16 19:20 - 2017-02-16 19:20 - 00000492 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_18.20.08_log.txt
2017-02-16 19:11 - 2017-02-16 19:12 - 16761896 _____ C:\Users\Ed \Downloads\gu5setup.exe
2017-02-15 18:35 - 2017-02-15 18:35 - 01429869 _____ C:\Users\Ed \Downloads\48f3e272-444b-44bd-8cbc-01442d9a1905.pdf
2017-02-15 18:13 - 2017-01-20 14:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-15 18:13 - 2017-01-20 14:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-15 18:13 - 2017-01-20 14:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-02-15 18:13 - 2017-01-20 14:39 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-02-15 15:22 - 2017-02-15 15:23 - 00228592 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_14.22.12_log.txt
2017-02-14 19:16 - 2017-02-14 19:16 - 04807902 _____ C:\Users\Ed \Downloads\30-days-hiit-program-150515083925-lva1-app6891 (1).pdf
2017-02-14 12:54 - 2017-02-14 12:55 - 64292849 _____ C:\Users\Ed \Downloads\25834 (1).pdf
2017-02-10 16:05 - 2017-02-10 16:05 - 02285017 _____ C:\Users\Ed \Downloads\PWR+2016+Nov+Dec+Investor+Deck+vF.pdf
2017-02-09 09:53 - 2017-02-09 10:10 - 00006650 _____ C:\TDSSKiller.3.1.0.12_09.02.2017_08.53.42_log.txt
2017-02-07 18:51 - 2017-02-07 18:51 - 04807902 _____ C:\Users\Ed \Downloads\30-days-hiit-program-150515083925-lva1-app6891.pdf
2017-02-07 17:29 - 2017-02-07 17:30 - 00774120 _____ C:\Users\Ed \Downloads\Statement_Jan 2017.pdf
2017-02-03 16:14 - 2017-02-03 16:14 - 00824651 _____ C:\Users\Ed \Downloads\Trump Shuttle Part 01.pdf
2017-02-03 16:09 - 2017-02-03 16:10 - 26893631 _____ C:\Users\Ed \Downloads\Asian American Political Alliance Part 01 of 04.pdf
2017-02-02 13:55 - 2017-02-02 13:55 - 00861696 _____ C:\Users\Ed \Downloads\CCOA_National_Rate_Card_1.15.2016 (1).xls
2017-01-31 11:18 - 2017-01-31 11:19 - 00229724 _____ C:\TDSSKiller.3.1.0.12_31.01.2017_10.18.09_log.txt
2017-01-31 09:53 - 2017-01-31 09:53 - 64292849 _____ C:\Users\Ed \Downloads\25834.pdf
2017-01-30 18:38 - 2017-01-31 13:23 - 00000000 ___RD C:\Users\Ed \Dropbox
2017-01-30 18:22 - 2017-01-30 18:22 - 00690080 _____ (Dropbox, Inc.) C:\Users\Ed \Downloads\DropboxInstaller.exe
2017-01-27 18:38 - 2017-01-27 18:38 - 00500759 _____ C:\Users\Ed \Downloads\Survey.pdf
2017-01-27 18:10 - 2017-01-27 18:10 - 00350624 _____ C:\Users\Ed \Downloads\2017_CFPB_CAB_Application.pdf
2017-01-27 17:44 - 2017-01-27 17:44 - 00000893 _____ C:\Users\Ed \AppData\Local\recently-used.xbel
2017-01-27 12:46 - 2017-01-27 12:46 - 05550460 _____ C:\Users\Ed \Downloads\9 Things You Should Know About Malls and Mall REITs (8).pdf
2017-01-27 12:13 - 2017-01-27 12:15 - 00227658 _____ C:\TDSSKiller.3.1.0.12_27.01.2017_11.13.58_log.txt
2017-01-23 11:56 - 2017-01-23 11:56 - 00035360 _____ C:\Users\Ed \Downloads\DocumentFragment_6770228.tif
2017-01-23 11:55 - 2017-01-23 11:55 - 00077646 _____ C:\Users\Ed \Downloads\DocumentFragment_6762256 (1).tif
2017-01-23 11:54 - 2017-01-23 11:54 - 00027316 _____ C:\Users\Ed \Downloads\DocumentFragment_6263775 (3).tif
2017-01-23 11:53 - 2017-01-23 11:53 - 00029378 _____ C:\Users\Ed \Downloads\DocumentFragment_7640624.tif
2017-01-23 11:52 - 2017-01-23 11:52 - 00060724 _____ C:\Users\Ed \Downloads\DocumentFragment_7452509 (5).tif
2017-01-23 11:51 - 2017-01-23 11:51 - 00031970 _____ C:\Users\Ed \Downloads\DocumentFragment_7483012 (2).tif
2017-01-23 11:50 - 2017-01-23 11:50 - 00032390 _____ C:\Users\Ed \Downloads\DocumentFragment_7923197.tif
2017-01-23 11:49 - 2017-01-23 11:49 - 00037524 _____ C:\Users\Ed \Downloads\DocumentFragment_7710871.tif
2017-01-23 11:49 - 2017-01-23 11:49 - 00037166 _____ C:\Users\Ed \Downloads\DocumentFragment_7783501.tif
2017-01-23 11:47 - 2017-01-23 11:47 - 00128574 _____ C:\Users\Ed \Downloads\DocumentFragment_7591436 (1).tif
2017-01-23 11:45 - 2017-01-23 11:45 - 00128574 _____ C:\Users\Ed \Downloads\DocumentFragment_7591436.tif
2017-01-18 15:09 - 2017-01-18 15:09 - 07813432 _____ C:\Users\Ed \Downloads\322750029-Digi-Media-Brochure.pdf
2017-01-17 18:24 - 2017-01-17 18:25 - 00227716 _____ C:\TDSSKiller.3.1.0.12_17.01.2017_17.24.41_log.txt
2017-01-17 18:16 - 2017-01-17 18:16 - 06647847 _____ C:\Users\Ed \Downloads\MAET_11-10_FINAL (1).pdf
2017-01-17 18:15 - 2017-01-17 18:15 - 06647847 _____ C:\Users\Ed \Downloads\MAET_11-10_FINAL.pdf
2017-01-17 11:21 - 2017-01-17 11:21 - 00098199 _____ C:\Users\Ed \Downloads\DS11_Complete.pdf
2017-01-14 10:06 - 2017-01-14 10:06 - 00412947 _____ C:\Users\Ed \Downloads\eStmt_2016-05-31 (4).pdf
2017-01-10 10:55 - 2017-01-10 10:55 - 00132282 _____ C:\Users\Ed \Downloads\AAPL.M4-List-of-trades.xlsx
2017-01-07 15:35 - 2017-01-07 15:46 - 00000000 ____D C:\98e58e25360751027e
2017-01-07 15:31 - 2016-11-21 14:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-01-07 15:31 - 2016-11-20 12:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-01-07 15:31 - 2016-11-20 10:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-07 15:31 - 2016-11-17 12:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-01-07 15:31 - 2016-11-10 12:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-01-07 15:31 - 2016-11-10 12:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-01-07 15:31 - 2016-11-09 12:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-01-07 15:31 - 2016-11-09 12:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-01-07 15:31 - 2016-11-09 12:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-01-07 15:31 - 2016-11-09 12:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-01-07 15:31 - 2016-11-09 12:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-01-07 15:31 - 2016-11-09 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-01-07 15:31 - 2016-11-09 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-01-07 15:31 - 2016-11-09 12:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-01-07 15:31 - 2016-11-09 12:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-01-07 15:31 - 2016-11-09 12:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-01-07 15:31 - 2016-11-09 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-01-07 15:31 - 2016-11-09 12:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-01-07 15:31 - 2016-11-09 12:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-01-07 15:31 - 2016-11-09 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-01-07 15:31 - 2016-10-11 11:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-01-07 15:31 - 2016-10-11 11:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-01-07 15:31 - 2016-10-11 10:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-01-07 15:31 - 2016-10-11 09:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-01-07 15:31 - 2016-10-11 09:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-01-07 15:31 - 2016-10-08 09:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-01-07 15:31 - 2016-10-04 11:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-01-07 15:31 - 2016-10-04 11:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-01-07 15:31 - 2016-10-04 11:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-01-07 15:31 - 2016-10-04 11:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-01-07 15:31 - 2016-10-04 11:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-01-07 15:31 - 2016-10-04 11:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-01-07 15:31 - 2016-10-04 11:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-01-07 15:31 - 2016-10-04 11:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-01-07 12:15 - 2017-01-07 12:18 - 00227716 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_11.15.37_log.txt
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-06 16:38 - 2016-11-12 17:42 - 00043157 _____ C:\Users\Ed \Downloads\FRST.txt
2017-04-06 16:37 - 2016-11-12 17:42 - 00000000 ____D C:\FRST
2017-04-06 16:18 - 2012-06-11 17:11 - 00000000 ____D C:\Users\Ed \AppData\Local\ElevatedDiagnostics
2017-04-06 16:12 - 2014-06-24 09:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-06 16:02 - 2009-07-14 01:13 - 00776420 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-06 16:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-06 15:48 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-06 15:48 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-06 15:41 - 2014-06-09 14:11 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-04-06 15:39 - 2012-05-02 09:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-06 15:39 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 15:38 - 2012-04-13 19:41 - 00000000 ____D C:\Users\Ed \Documents\Outlook Files
2017-04-06 15:38 - 2012-04-13 18:53 - 00000000 ____D C:\Users\Ed \Documents\email data
2017-04-06 15:27 - 2016-11-11 13:49 - 00000000 ____D C:\Users\Ed \AppData\LocalLow\Mozilla
2017-04-06 13:42 - 2016-11-08 15:56 - 00000295 _____ C:\Users\Ed \Documents\.mq_params
2017-04-06 13:40 - 2012-04-13 19:40 - 00000000 ____D C:\Users\Ed \Documents\My MQ Workspaces
2017-04-06 10:46 - 2016-09-26 12:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-05 15:31 - 2012-04-13 15:54 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-05 15:25 - 2016-11-12 18:07 - 00001890 _____ C:\Users\Ed \Desktop\JRT.txt
2017-04-05 15:23 - 2014-10-13 16:24 - 00000000 ____D C:\AdwCleaner
2017-04-05 00:21 - 2010-11-20 23:27 - 00523432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-04 16:52 - 2012-07-12 03:32 - 00000000 ____D C:\Windows\Minidump
2017-04-04 10:49 - 2014-07-17 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-04 10:49 - 2012-04-15 20:21 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-04 10:28 - 2014-07-17 12:18 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-04-03 09:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-02 16:29 - 2016-11-12 17:46 - 00056950 _____ C:\Users\Ed \Downloads\Addition.txt
2017-04-02 16:16 - 2012-04-13 13:54 - 00109688 _____ C:\Users\Ed \AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-02 11:11 - 2009-07-14 01:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-01 19:19 - 2009-07-14 00:45 - 00411424 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-01 19:18 - 2010-11-21 03:16 - 00000000 ____D C:\Windows\CSC
2017-04-01 19:15 - 2009-07-13 22:34 - 00000514 _____ C:\Windows\win.ini
2017-04-01 19:11 - 2012-04-13 15:54 - 00776420 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-29 15:40 - 2012-04-13 15:16 - 00002403 _____ C:\Users\Ed \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-29 15:40 - 2012-04-13 15:16 - 00002395 _____ C:\Users\Ed \Desktop\Google Chrome.lnk
2017-03-29 09:36 - 2015-01-22 12:44 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-29 09:36 - 2014-10-16 17:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-24 17:37 - 2012-04-17 14:52 - 00000000 ____D C:\Users\Ed \AppData\Local\Adobe
2017-03-24 17:35 - 2012-08-23 09:18 - 00004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-24 17:35 - 2012-07-26 15:38 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-24 17:35 - 2012-07-26 15:38 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-24 17:35 - 2012-07-26 15:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-24 17:35 - 2012-07-26 15:38 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-23 18:10 - 2016-12-04 22:05 - 00000000 ____D C:\Users\Ed \Downloads\FRST-OlderVersion
2017-03-23 18:10 - 2016-11-12 17:41 - 02424832 _____ (Farbar) C:\Users\Ed \Downloads\FRST64.exe
2017-03-23 17:56 - 2012-05-27 19:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-23 17:56 - 2012-05-27 19:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-23 17:55 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-23 17:50 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-23 17:45 - 2012-04-13 16:17 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-23 17:39 - 2012-05-27 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-23 16:27 - 2012-10-13 17:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-23 16:12 - 2009-07-13 22:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_640
2017-03-23 15:27 - 2012-04-13 20:00 - 00000000 ____D C:\Users\Ed \Documents\Personal
2017-03-23 15:27 - 2012-04-13 19:41 - 00000000 ____D C:\Users\Ed \Documents\Old HP Laptop
2017-03-23 15:27 - 2012-04-13 18:59 - 00000000 ____D C:\Users\Ed \Documents\Fusion
2017-03-23 15:27 - 2012-04-13 18:53 - 00000000 ____D C:\Users\Ed \Documents\eFax Messenger 4.3
2017-03-23 15:27 - 2012-04-13 18:38 - 00000000 ____D C:\Users\Ed \Documents\Azureus Downloads
2017-03-23 15:27 - 2009-07-13 22:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_848
2017-03-23 14:24 - 2014-10-11 18:23 - 00000000 ____D C:\Users\Guest
2017-03-23 14:24 - 2014-10-11 18:23 - 00000000 ____D C:\Users\Administrator
2017-03-23 13:12 - 2016-12-04 21:54 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-15 10:47 - 2012-04-13 13:01 - 00000000 ____D C:\Users\Ed
2017-03-13 17:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-10 17:58 - 2013-06-19 10:38 - 00000000 ____D C:\Users\Ed \AppData\Roaming\Samsung
2017-03-10 17:58 - 2013-06-19 10:38 - 00000000 ____D C:\Users\Ed \AppData\Local\Samsung
2017-03-10 17:58 - 2013-06-19 10:19 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-03-10 17:56 - 2013-06-19 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-03-10 17:56 - 2013-06-19 10:19 - 00000000 ____D C:\ProgramData\Samsung
2017-03-10 17:56 - 2012-04-13 13:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-10 17:51 - 2012-05-25 14:25 - 00000000 ____D C:\Program Files (x86)\Vuze
2017-03-10 17:51 - 2012-04-17 14:16 - 00000000 ____D C:\ProgramData\WebEx
2017-03-10 17:48 - 2014-11-13 12:52 - 00020266 _____ C:\Users\Ed \Desktop\zsnesw.cfg
2017-03-10 17:48 - 2014-11-13 12:52 - 00003806 _____ C:\Users\Ed \Desktop\zinput.cfg
2017-03-10 17:48 - 2014-11-13 12:52 - 00002480 _____ C:\Users\Ed \Desktop\zmovie.cfg
 
==================== Files in the root of some directories =======
 
2016-01-27 19:32 - 2016-01-27 19:32 - 0038465 _____ () C:\Users\Ed \AppData\Roaming\Comma Separated Values (Windows).ADR
2014-11-05 22:26 - 2014-11-05 22:26 - 0000100 _____ () C:\Users\Ed \AppData\Roaming\settings.xml
2017-01-27 17:44 - 2017-01-27 17:44 - 0000893 _____ () C:\Users\Ed \AppData\Local\recently-used.xbel
2012-09-07 15:10 - 2016-11-11 11:26 - 0007616 _____ () C:\Users\Ed \AppData\Local\resmon.resmoncfg
2014-04-18 09:57 - 2014-04-18 09:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-12-15 10:05 - 2017-02-15 18:15 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 10:05 - 2017-02-15 16:47 - 0011971 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
2017-04-04 10:30 - 2017-04-06 10:49 - 0061440 _____ () C:\Users\Ed \AppData\Local\Temp\ClientIp.dll
2017-04-04 10:30 - 2017-04-06 10:49 - 0191488 _____ () C:\Users\Ed \AppData\Local\Temp\JavaESRTD.dll
2017-04-04 10:30 - 2017-04-06 10:49 - 0230400 _____ () C:\Users\Ed \AppData\Local\Temp\NativeWindowsUtility.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {d99ae282-7f76-11e1-aa8f-d4bed9019ffe}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {d99ae280-7f76-11e1-aa8f-d4bed9019ffe}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{d99ae281-7f76-11e1-aa8f-d4bed9019ffe}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{d99ae281-7f76-11e1-aa8f-d4bed9019ffe}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {d99ae284-7f76-11e1-aa8f-d4bed9019ffe}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {d99ae282-7f76-11e1-aa8f-d4bed9019ffe}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {d99ae284-7f76-11e1-aa8f-d4bed9019ffe}
device                  ramdisk=[C:]\Recovery\d99ae284-7f76-11e1-aa8f-d4bed9019ffe\Winre.wim,{d99ae285-7f76-11e1-aa8f-d4bed9019ffe}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\d99ae284-7f76-11e1-aa8f-d4bed9019ffe\Winre.wim,{d99ae285-7f76-11e1-aa8f-d4bed9019ffe}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {d99ae282-7f76-11e1-aa8f-d4bed9019ffe}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {d99ae281-7f76-11e1-aa8f-d4bed9019ffe}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {d99ae285-7f76-11e1-aa8f-d4bed9019ffe}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\d99ae284-7f76-11e1-aa8f-d4bed9019ffe\boot.sdi
 
 
LastRegBack: 2017-04-03 14:18
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Ed (06-04-2017 16:38:36)
Running from C:\Users\Ed \Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2012-04-13 17:01:15)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1344346136-3590594737-479990825-500 - Administrator - Disabled)
Ed (S-1-5-21-1344346136-3590594737-479990825-1000 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-1344346136-3590594737-479990825-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1344346136-3590594737-479990825-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AppLifeSetup (x32 Version: 1.0.0 - Microsoft) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
AVerMedia H339 Hybrid TV Tuner 2.2.64.64 (HKLM-x32\...\AVerMedia H339 Hybrid TV Tuner) (Version: 2.2.64.64 - AVerMedia TECHNOLOGIES, Inc.)
Browntech Image Plugin for Internet Explorer (HKLM-x32\...\{30EF82DA-D159-4A2E-A6B0-F95D10F55B4A}) (Version: 3.02.0000 - BrownTech, Inc.)
CaddieSync Express 1.5.109 (HKLM-x32\...\CaddieSync Express) (Version: 1.5.109 - SkyHawke Technologies)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Carbonite (HKLM-x32\...\{C7D98EFB-A351-4098-B474-1A5B362DB648}) (Version: 6.2.2 build 6819 (Jan-25-2017) - Carbonite)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version:  - Dell, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell System Detect (HKU\S-1-5-21-1344346136-3590594737-479990825-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)
Download Navigator (HKLM-x32\...\{D0735505-251C-41E4-A64A-D6D0A5E8FB4D}) (Version: 3.4.2 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Foxit Reader (HKLM-x32\...\{9507C52B-E482-4914-85A6-D4786ADD3512}) (Version: 5.1.4.104 - Foxit Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glary Utilities 5.69 (HKLM-x32\...\Glary Utilities 5) (Version: 5.69.0.90 - Glarysoft Ltd)
Google Apps Migration For Microsoft Outlook® 4.0.29.9 (HKLM-x32\...\{E8248BD6-6294-4CF6-9CF9-BDAAC0CC8253}) (Version: 4.0.29.9 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM-x32\...\{091C294E-F243-432C-93E1-DEC4C2B9635B}) (Version: 3.8.440.1250 - Google, Inc.)
Google Chrome (HKU\S-1-5-21-1344346136-3590594737-479990825-1000\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Hudl Mercury (HKLM-x32\...\{BB93E1B1-1149-4303-9504-45993A2489CB}_is1) (Version: 1.4.20 - Agile Sports Technologies, Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Codec Pack 11.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6302 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.5.2.7 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.5 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.5.2.7 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.5 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.4 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
Nitro PDF Professional (HKLM\...\{F4BCFCA0-F7C1-44F2-AA62-82CB396B9435}) (Version: 6.2.3.6 - Nitro PDF Software)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Provider Add (Version: 1.0.0 - Vocalocity) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
RogueKiller version 12.10.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.1.0 - Adlice Software)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
SkyCaddie Desktop (HKLM-x32\...\SkyCaddieDesktop) (Version:  - SkyHawke Technologies)
SkyHawke CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - )
Skype™ 5.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.9.114 - Skype Technologies S.A.)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.) Hidden
TeamViewer 7 Host (HKLM-x32\...\TeamViewer 7 Host) (Version: 7.0.12313 - TeamViewer)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.27 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-1344346136-3590594737-479990825-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{7D75F678-4499-436C-B219-9E6DC24EE82D}) (Version: 2.13.0903 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}) (Version: 2.13.0901 - Samsung Electronics Co., Ltd.)
Vocalocity Desktop Tools (HKLM-x32\...\Vocalocity Desktop Tools) (Version: 1.0 - Vocalocity)
Vocalocity IE Addin (Version: 1.0.0 - Vocalocity) Hidden
VSDC Free Video Editor version 2.3.0.337 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.3.0.337 - Flash-Integro LLC)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.14 - HTC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ed \AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05E0A111-06F4-43CA-9129-0D534856F98A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1D24186F-EF13-46B1-9201-FED33EA4C2C5} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe 
Task: {2177CBC3-BC1F-4EB7-B65F-B6963153C170} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1344346136-3590594737-479990825-1000UA => C:\Users\Ed \AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2701F74D-A92E-4C63-A4DB-736CCFE2A751} - System32\Tasks\{616CF37E-874A-411C-B9DC-282416E8F9AB} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [2017-01-25] (Carbonite, Inc.)
Task: {2A3C3815-2864-45D7-8D41-5B43AFFCEF48} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {2AD43900-9820-4639-B30F-D4A8F61A184B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe 
Task: {53CF4CD7-ADD6-4C50-B5BD-D00944C208B7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {56EB4961-2D85-4F46-A2AE-5039A5337C21} - System32\Tasks\{97095CC0-897F-4A69-A116-B5DCE80BB4F9} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [2017-01-25] (Carbonite, Inc.)
Task: {5F58DC88-6B15-41C7-9C06-667C40EFEE95} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {6348C41B-2A9C-440D-8F12-94127D1C6144} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-02-10] (Glarysoft Ltd)
Task: {74C2D3AB-18F4-4E29-A4F1-6FC127EC3760} - System32\Tasks\{EF36D73A-B15E-4828-8CB3-434006B4FAD4} => pcalua.exe -a C:\Users\EDLAST~1\AppData\Local\Temp\7zO3D8C.tmp\Standard_Monitor_Driver_Unsigned_x64.exe -d C:\Users\EDLAST~1\AppData\Local\Temp\7zO3D8C.tmp\ <==== ATTENTION
Task: {76584964-0100-4044-9D30-8982691A6A6D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1344346136-3590594737-479990825-1000Core => C:\Users\Ed \AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {98694B2B-69D2-494D-AE63-9F57379D7EA6} - System32\Tasks\{86418BB2-2563-4760-9B1D-0978B8BA13AB} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [2017-01-25] (Carbonite, Inc.)
Task: {A1342903-228A-4E86-962A-55C0F143897D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {A2451085-62E9-42DC-9533-453F2662C8F6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {AAB8655C-0B03-4B12-ABF2-E9696FE8C21E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {B9B913D5-AEB1-4BED-9204-1730AF020022} - System32\Tasks\{A1A0FE73-C418-46AE-B6D2-987DA828C499} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [2017-01-25] (Carbonite, Inc.)
Task: {C0C2FA65-3AAA-48F9-B669-44760ED6108E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-24] (Adobe Systems Incorporated)
Task: {D92C43F6-C0C7-4453-A286-444397013C36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DB0B5F62-5E79-4552-8376-17C0ED5A4B78} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe 
Task: {F14E906B-0446-4817-8A28-E2AEA8811E11} - System32\Tasks\{23AD138C-4E68-47C2-BEC9-EC6F7A8A42B5} => C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe 
Task: {F46A9703-7575-4B44-8DF5-D2A6F93B4F51} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {F747DC6C-D5FD-4EF1-A4A2-850A9A290AA8} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {F8C74658-826D-4D43-9A66-38D7C373ED0A} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-02-10] (Glarysoft Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Ed \Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-02-01 11:08 - 2012-02-01 11:08 - 00124944 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NPShellExtension64.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16792447.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1344346136-3590594737-479990825-1000\...\bankofamerica.com -> hxxps://bankofamerica.com
IE trusted site: HKU\S-1-5-21-1344346136-3590594737-479990825-1000\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-04-01 19:15 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1344346136-3590594737-479990825-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed \AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bluetooth Device Monitor => 3
MSCONFIG\Services: Bluetooth Media Service => 2
MSCONFIG\Services: Bluetooth OBEX Service => 3
MSCONFIG\Services: CAMService => 2
MSCONFIG\Services: CarboniteService => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dlcx_device => 2
MSCONFIG\Services: EpsonScanSvc => 3
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KjsUpdateService2 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: Neat Startup Service => 3
MSCONFIG\Services: NitroDriverReadSpool => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: NvContainerLocalSystem => 3
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NvNetworkService => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: NvTelemetryContainer => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Stereo Service => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZeroConfigService => 2
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
MSCONFIG\startupreg: CaddieSyncConduit => C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe /shownag /nagdelay:180
MSCONFIG\startupreg: dlcxmon.exe => "C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Ed \AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: Hudl Mercury => "C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe" -startup
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: MemoryCardManager => "C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AB5FB28E-5F6E-466D-B232-326317446AB5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{7C01CC31-CA7F-4562-AAFB-A9DEE7D3DDAD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{A49AA4DF-4ADC-494D-9364-A9470A2924CE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{9308B5DE-34D2-4FF5-964E-2D47F4782B2C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{373F2420-02F8-4693-A8A6-9A368A8F0DEF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E06049D0-A9CF-49D1-A33E-C5F4598348C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4297CF1B-F4E4-4BED-9164-EF5C7570767C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{596C07D9-2015-4FB1-9FB0-8BD95AD3457F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E41909B-D8C8-45E7-829F-4902343D9B7C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{70953A2D-36D2-4D64-A168-A0F4C6DC7C84}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AA3F229B-C528-437F-8234-1B09A1852944}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F0E4FEA8-6CE0-4F2A-B838-0044B34C2564}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{B9EF269D-4C8C-404D-B1D2-F1743C48831A}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{AC97E242-150C-4278-A0B1-612A7CC3F995}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{F4B2ACD6-9A7A-4334-9559-1CD5AD2C611B}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{0B53D971-138F-4F7A-A154-C50419496EE3}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{2FF75D59-657E-4A5D-B3FA-0CAF8B466109}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{C5AAAAA3-A231-46FC-A357-1BFEB7E6A8EB}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{22684F8C-29BF-4F26-A2C1-9212958353D2}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{0B23B169-BAA5-46EB-A7F5-75B8A8223F1A}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{434E42D2-A469-43A1-A21E-8F7117257CEB}C:\users\ed \appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ed \appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F0B9C910-9600-4B9F-B729-C490F3622528}C:\users\ed \appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ed \appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{E65916A5-5B2E-4A7B-9A49-A61118418AFB}] => (Allow) C:\Users\Ed \AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{CEA26A50-0F25-4FE8-9CD0-51592076C669}] => (Allow) C:\Users\Ed \AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{778454E7-D858-4061-B5F2-8F4FBB64D931}C:\users\ed \appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ed \appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6642B49F-4CE6-49DE-A8CC-ED71533D2837}C:\users\ed \appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ed \appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A9BC79FC-F032-406D-B12B-6056BC423812}] => (Allow) C:\Windows\SysWOW64\dlcxcoms.exe
FirewallRules: [{6D4C789F-C6B1-4206-9032-D7C05CEAF9C3}] => (Allow) C:\Windows\SysWOW64\dlcxcoms.exe
FirewallRules: [{E9DD68DA-6910-4FDC-9281-9C6617375FA9}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{8FEF06B3-CB63-4AFA-AED6-CAD022416270}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{A5635534-CAA2-465A-9EF1-F87BC396F41D}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{4D84D9A7-A6A8-495C-BB1C-97DAA45DB612}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{A8C0B7BD-6ED4-416E-B38D-1E4282A708C8}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{A9808146-CDE6-42E0-9404-28682FD9EBBF}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [TCP Query User{14EE23F2-862E-43E0-8E38-05AAF2657F8C}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{9FDF9ED2-961E-4837-8573-F8EE25815DB5}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{58416963-B3FE-476E-BB69-8B9E8710EC7A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{73E6718A-5ECB-4880-8923-88D3EC7DDDD4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{71B44FF6-4F0D-4F74-AFF8-658B353691C6}C:\users\ed \appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ed \appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B8150077-60A3-4D72-88D5-612E0E909B89}C:\users\ed \appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ed \appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{FC55FD32-E829-4B2D-8072-EEEBA920BD84}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{1ABFF8A1-E5FF-4CA3-BC27-15E3161FDBA2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{C7F42743-D102-41B4-B043-331C8868F550}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{48A7688B-2B1F-4445-8494-C96E431C47B3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{843448A8-8545-478B-808B-8C0FA3997E87}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1287A725-F8D7-4B31-8ADF-E97CB09C2A10}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{3539004E-6C16-417B-87DF-9B54768720AC}C:\users\ed \appdata\local\temp\lmie09f.tmp\logmein client.exe] => (Block) C:\users\ed \appdata\local\temp\lmie09f.tmp\logmein client.exe
FirewallRules: [UDP Query User{4A1397E3-FB7E-4057-9D98-7352889C23DE}C:\users\ed \appdata\local\temp\lmie09f.tmp\logmein client.exe] => (Block) C:\users\ed \appdata\local\temp\lmie09f.tmp\logmein client.exe
FirewallRules: [TCP Query User{43E3AD9D-53C3-4DD5-97DE-3614D6A986AE}E:\clickthis.exe] => (Allow) E:\clickthis.exe
FirewallRules: [UDP Query User{70979273-28AA-4E6C-A75C-7CE022393533}E:\clickthis.exe] => (Allow) E:\clickthis.exe
FirewallRules: [{CC12611D-FEAC-4A93-9770-CB1ED64734A4}] => (Block) C:\users\ed \appdata\local\temp\lmicc91.tmp\logmein client.exe
FirewallRules: [{18E83A76-0CFE-4366-83DD-28B5285463F1}] => (Block) C:\users\ed \appdata\local\temp\lmicc91.tmp\logmein client.exe
FirewallRules: [{2A6308ED-012A-465A-9F51-453B92C3E4D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82F3521A-7B37-421E-9278-F144247B7002}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71EC7BF2-F25F-4EEF-9D6A-B7E3B251D8BB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2B03D8DB-A6ED-48B3-9F90-17E55066260F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1BE0EAA7-1E7E-482F-9B3E-5DA9D5D65D0A}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{DD9BF924-67A6-4F6B-9712-12932CE5A764}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{AFC467FC-C34B-4D12-B083-67BAC9E6F113}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{ED3A8176-1655-4B50-9C0E-BC6819FD0221}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [TCP Query User{A5BDDB52-F4D7-44D0-BACE-287ADE496510}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CF9EE13D-2344-4B16-8960-DA86E353D51B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C8944F99-A1D8-4666-9924-1C17965770CB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DE9086DE-BC6B-4F4F-B144-F45844E244B0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A3E407AE-F183-4573-9147-0223DE2B1F87}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{00271562-6E69-4EC4-AEAA-8AEDE9BEEEF7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B1FF0489-B29B-466C-8DF3-E232419D8216}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3785CA4D-582A-4686-9ED8-B924B17636AD}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [UDP Query User{A98CC190-E38B-449B-A474-1798A1E91717}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [{652F182A-A2B4-47C5-9C16-8F4F6347E7DB}] => (Allow) C:\Users\Ed \AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{2E73A34C-2874-4F03-905F-EF20F3195D4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{3EEAE99D-CB72-4035-A873-DA2EE902E0AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{58561A54-8B76-4BA9-AEB1-CBC8F449EFF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0BD35CED-9368-4B1F-94C4-CA38C43EB52A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F09695BE-F727-4214-89B5-76860ABD0315}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{F2F4593B-8D0C-4105-AC25-954C9FEB0ABC}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [UDP Query User{2CFE19B7-15CA-4ED2-9345-A63A3FBC3968}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [{4A04B13F-FC27-49E9-8E6D-CC216DACC299}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D838E785-D199-43C9-A58F-920CCF6BFDCA}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{71630C31-6465-4A8C-9953-2CDCE9B6E58F}C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe
FirewallRules: [UDP Query User{0EF2A61F-91E1-43A9-85FD-5CCD7DA83F78}C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe
 
==================== Restore Points =========================
 
06-04-2017 15:51:41 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/06/2017 03:29:40 PM) (Source: ESENT) (EventID: 481) (User: )
Description: Windows (960) Windows: An attempt to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 40566784 (0x00000000026b0000) for 32768 (0x00008000) bytes failed after 84 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The read operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/06/2017 03:17:47 PM) (Source: ESENT) (EventID: 481) (User: )
Description: Windows (960) Windows: An attempt to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 40566784 (0x00000000026b0000) for 32768 (0x00008000) bytes failed after 23 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The read operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/06/2017 03:06:46 PM) (Source: ESENT) (EventID: 481) (User: )
Description: Windows (960) Windows: An attempt to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 40566784 (0x00000000026b0000) for 32768 (0x00008000) bytes failed after 22 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The read operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/06/2017 02:56:03 PM) (Source: ESENT) (EventID: 481) (User: )
Description: Windows (960) Windows: An attempt to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 40566784 (0x00000000026b0000) for 32768 (0x00008000) bytes failed after 19 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The read operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/06/2017 01:39:56 PM) (Source: ESENT) (EventID: 481) (User: )
Description: Windows (960) Windows: An attempt to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 40566784 (0x00000000026b0000) for 32768 (0x00008000) bytes failed after 21 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The read operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/06/2017 01:29:21 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1344346136-3590594737-479990825-1000.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1344346136-3590594737-479990825-1000.db
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (04/06/2017 01:29:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000006
Fault offset: 0x000000000001d49d
Faulting process id: 0x3f0
Faulting application start time: 0x01d2aed3d3268941
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 91bbc09d-1aee-11e7-b21a-88532e539336
 
Error: (04/06/2017 01:29:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: Windows (960) Windows: An attempt to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 40566784 (0x00000000026b0000) for 32768 (0x00008000) bytes failed after 23 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The read operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/06/2017 01:18:05 PM) (Source: ESENT) (EventID: 481) (User: )
Description: Windows (960) Windows: An attempt to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 40566784 (0x00000000026b0000) for 32768 (0x00008000) bytes failed after 19 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The read operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/06/2017 01:07:29 PM) (Source: ESENT) (EventID: 481) (User: )
Description: Windows (960) Windows: An attempt to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 40566784 (0x00000000026b0000) for 32768 (0x00008000) bytes failed after 21 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The read operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
 
System errors:
=============
Error: (04/06/2017 04:15:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service lltdsvc with arguments "" in order to run the server:
{5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
 
Error: (04/06/2017 03:58:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/06/2017 03:58:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (04/06/2017 03:58:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (04/06/2017 03:58:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 21
 
Error: (04/06/2017 03:58:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/06/2017 03:58:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
GUBootStartup
MpFilter
spldr
Wanarpv6
 
Error: (04/06/2017 03:58:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/06/2017 03:58:13 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
 
Feature: On Access
 
Error Code: 0x8007043c
 
Error description: This service cannot be started in Safe Mode 
 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Error: (04/06/2017 03:57:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-31 10:31:10.688
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-31 10:31:10.623
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-13 12:47:35.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-13 12:47:35.447
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-18 11:06:14.529
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-18 11:06:14.399
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 13%
Total physical RAM: 8139.86 MB
Available physical RAM: 7026.98 MB
Total Virtual: 16277.9 MB
Available Virtual: 15304.39 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:684.96 GB) (Free:359.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 64ABCAD5)
Partition 1: (Active) - (Size=685 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


Edited by hamluis, 06 April 2017 - 04:35 PM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:57 PM

Posted 07 April 2017 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1344346136-3590594737-479990825-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: (GoSavE) - C:\Users\Ed \AppData\Roaming\Mozilla\Firefox\Profiles\4oefep96.default\Extensions\AyohK@Y.net [2014-10-14] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Ed \AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys 
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ed \AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1344346136-3590594737-479990825-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ed \AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {2AD43900-9820-4639-B30F-D4A8F61A184B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {74C2D3AB-18F4-4E29-A4F1-6FC127EC3760} - System32\Tasks\{EF36D73A-B15E-4828-8CB3-434006B4FAD4} => pcalua.exe -a C:\Users\EDLAST~1\AppData\Local\Temp\7zO3D8C.tmp\Standard_Monitor_Driver_Unsigned_x64.exe -d C:\Users\EDLAST~1\AppData\Local\Temp\7zO3D8C.tmp\ <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:57 PM

Posted 13 April 2017 - 07:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



