
Not confident that system is clean.



#1 jsn32


Posted 26 July 2017 - 03:47 AM

Hi, I have fixed a ton of registry permission issues and DCOM issues as well as things that have prevented Windows Update from working correctly over many months. I'm concerned about some of the things like alternative data streams, the files in root folders, and services like iBtSiva with the file location. I would greatly appreciate any guidance! I've been through a lot with DISM and SFC lately to get things working right. I'm not confident that a keylogger, rootkit, or infection of some sort doesn't exist. Registry searches are suddenly taking forever and I've had to rebuild the Windows Search index.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by jason (administrator) on S540 (26-07-2017 03:21:34)
Running from D:\Downloads
Loaded Profiles: jason (Available Profiles: jason.temp & jason)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
() C:\Program Files (x86)\VMware\Plug-in Service\vmware-cip-msg-proxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(%CFullName%) C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\M.O.U.S.9\MOUS9_Profiler.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Secure By Design Inc.) C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [347216 2017-02-23] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [939976 2015-02-20] (Lenovo)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (Lenovo Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation)
HKLM\...\Run: [M.O.U.S.9] => C:\Program Files\Mad Catz\M.O.U.S.9\MOUS9_Profiler.exe [56320 2016-04-08] (Mad Catz Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1723040 2014-09-01] (SunplusIT, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Ninite Updater] => C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe [305664 2015-05-25] (Secure By Design Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4956304 2017-07-07] (AgileBits)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [CDSBupd.exe] => C:\Program Files (x86)\ConceptDraw Office\ConceptDraw Solution Browser\CDSBupd.exe [5116296 2016-05-12] (CS Odessa Corp.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1480688 2016-07-21] (Sophos Limited)
HKLM-x32\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-07-06] (Intel Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2645960 2017-05-15] (Malwarebytes Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112104 2017-06-19] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-19\...\RunOnce: [tril_scp] => c:\econfig\tril_scp.bat [54 2016-02-29] ()
HKU\S-1-5-20\...\RunOnce: [tril_scp] => c:\econfig\tril_scp.bat [54 2016-02-29] ()
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Run: [CDSBupd.exe] => C:\Program Files (x86)\ConceptDraw Office\ConceptDraw Solution Browser\CDSBupd.exe [5116296 2016-05-12] (CS Odessa Corp.)
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Run: [Zoom] => [X]
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [632448 2017-05-11] ()
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Run: [Spotify Web Helper] => C:\Users\jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-24] (Spotify Ltd)
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-18\...\RunOnce: [tril_scp] => c:\econfig\tril_scp.bat [54 2016-02-29] ()
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [289712 2016-09-22] (Sophos Limited)
IFEO\notepad.exe: [Debugger] C:\Program Files (x86)\Notepad Replacer\NotepadReplacer.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Color Calibrator Tray.lnk [2016-05-15]
ShortcutTarget: Color Calibrator Tray.lnk -> C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\ColorCalibratorTray.exe ()
Startup: C:\Users\jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-07-07]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    vmware-plugin
Tcpip\Parameters: [DhcpNameServer] 10.4.1.1
Tcpip\..\Interfaces\{94AE7FCB-00F1-4769-B63F-61A32BC9BB31}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B66E7198-D076-4A48-BA5A-D28E99B373A9}: [DhcpNameServer] 10.4.1.1

Internet Explorer:
==================
HKU\S-1-5-21-800081787-2276684998-592242169-1608\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-800081787-2276684998-592242169-1608\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-800081787-2276684998-592242169-1608\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pcsupport.lenovo.com/us/en/products/Laptops-and-netbooks/ThinkPad-W-Series-laptops/ThinkPad-W540/downloads
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2017-07-07] (AgileBits)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-14] (Microsoft Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2017-07-07] (AgileBits)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-12] (Microsoft Corporation)
BHO-x32: PDF-XChange V6 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-11-28] (Tracker Software Products (Canada) Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF-XChange V6 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-11-28] (Tracker Software Products (Canada) Ltd.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ft4cl5i1.Personal
FF ProfilePath: C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\l1oa7wfk.default [2017-07-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\l1oa7wfk.default -> Google
FF Session Restore: Mozilla\Firefox\Profiles\l1oa7wfk.default -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\l1oa7wfk.default -> type", 0
FF Extension: (Add Bookmark Here ²) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\l1oa7wfk.default\Extensions\abhere2@moztw.org.xpi [2017-03-13]
FF Extension: (Terms of Service; Didn’t Read) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\l1oa7wfk.default\Extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi [2016-04-27]
FF Extension: (Movable Firefox Button) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\l1oa7wfk.default\Extensions\movableAppButton@Merci.chao.xpi [2015-06-09]
FF Extension: (uBlock Origin) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\l1oa7wfk.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-20]
FF Extension: (Tab Mix Plus) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\l1oa7wfk.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-05-15]
FF Extension: (Download Manager Tweak) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\l1oa7wfk.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2017-04-27]
FF ProfilePath: C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\ft4cl5i1.Personal [2017-07-26]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ft4cl5i1.Personal -> Google
FF Session Restore: Mozilla\Firefox\Profiles\ft4cl5i1.Personal -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\ft4cl5i1.Personal -> type", 0
FF Extension: (Add Bookmark Here ²) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\ft4cl5i1.Personal\Extensions\abhere2@moztw.org.xpi [2017-03-13]
FF Extension: (Terms of Service; Didn’t Read) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\ft4cl5i1.Personal\Extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi [2016-04-27]
FF Extension: (Reddit Enhancement Suite) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\ft4cl5i1.Personal\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-07-24]
FF Extension: (1Password) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\ft4cl5i1.Personal\Extensions\onepassword4@agilebits.com.xpi [2017-06-29]
FF Extension: (uBlock Origin) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\ft4cl5i1.Personal\Extensions\uBlock0@raymondhill.net.xpi [2017-07-20]
FF Extension: (Download Status Bar) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\ft4cl5i1.Personal\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-27]
FF Extension: (Tab Mix Plus) - C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\ft4cl5i1.Personal\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-05-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-12] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2016-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-11-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [No File]
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [No File]
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2015-08-28] (VMware, Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-800081787-2276684998-592242169-1608: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-800081787-2276684998-592242169-1608: LWA64Plugin15.8 -> C:\Users\jason\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-800081787-2276684998-592242169-1608: LWAPlugin15.8 -> C:\Users\jason\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\jason\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-03-11] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\jason\AppData\Roaming\mozilla\plugins\npLWA64Plugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\jason\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (No Name) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (No Name) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (No Name) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (No Name) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tampermonkey) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-07-12]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-10-12]
CHR Extension: (No Name) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2014-10-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-12]
CHR Extension: (Morpheon Dark) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-12]
CHR Extension: (No Name) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [566288 2016-04-12] (Lenovo Corporation)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 CipMsgProxyService; C:\Program Files (x86)\VMware\Plug-in Service\vmware-cip-msg-proxy.exe [1897960 2017-01-17] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc.)
S4 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe [11871976 2016-08-23] (DisplayLink Corp.)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [816816 2016-03-01] (FileZilla Project)
R2 FosCloudSvr; C:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe [90128 2016-07-15] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-11-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2023592 2015-09-25] (Lenovo Group Limited)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [631312 2016-04-12] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [120400 2017-04-03] (Lenovo Group Limited)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [480712 2015-03-23] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-05-12] ()
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711248 2017-04-01] (Lenovo.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-05-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [452576 2016-02-09] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [901088 2016-02-09] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-13] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-17] (NVIDIA Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [4165568 2017-01-24] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [82096 2015-05-21] (BayHubTech/O2Micro International)
R2 O2FLASH; C:\Windows\SysWOW64\drivers\o2flash.exe [82096 2015-05-21] (BayHubTech/O2Micro International)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-05-11] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-05-11] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [315800 2016-09-22] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [289448 2016-09-22] (Sophos Limited)
R2 SCCommService; C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe [135680 2016-03-29] (Malwarebytes) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 SMmonitor; C:\Program Files (x86)\IBM_DS\client\monitor\SMmonitor.exe [69632 2014-11-18] () [File not signed]
S3 SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe [60928 2013-11-25] (SolarWinds) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [780944 2016-07-21] (Sophos Limited)
R3 Sophos Device Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [691496 2016-09-22] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [331016 2015-09-11] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [910088 2015-09-11] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2016-09-22] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2016-09-22] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3615280 2016-09-22] (Sophos Limited)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-03-06] (Intel Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12482024 2017-06-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2014-06-23] (X-Rite Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-13] (Intel® Corporation)
S2 Browser; %SystemRoot%\System32\browser.dll [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d62x64.sys [533496 2017-02-01] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2017-05-15] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [229632 2016-11-28] (Intel Corporation)
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2013-10-04] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-02-09] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3526400 2017-03-09] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3504408 2014-12-16] (Intel Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2017-06-06] (Insecure.Com LLC.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [316464 2017-03-31] (NVIDIA Corporation)
S3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [199864 2015-05-21] (BayHubTech/O2Micro )
R1 OMNISMI; C:\Windows\SysWOW64\drivers\omnismi.sys [14776 2014-01-26] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2017-05-28] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-16] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [51576 2016-04-08] (Saitek)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [201168 2016-09-22] (Sophos Limited)
R3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2016-09-22] (Sophos Limited)
S3 ser2at; C:\Windows\system32\DRIVERS\ser2at64.sys [167936 2013-10-22] (ATEN)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [41576 2016-06-17] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2016-09-22] (Sophos Limited)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [725264 2016-12-19] (Sunplus Innovation Technology Inc.)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [47760 2016-09-22] (Sophos Limited)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-01-14] (Windows ® Win 7 DDK provider)
S3 vl810filter; C:\Windows\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-02] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 _hid_0738_1715; C:\Windows\system32\DRIVERS\_hid_0738_1715.sys [182272 2016-04-08] (Saitek)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-26 01:24 - 2017-07-26 01:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-S540-Windows-8.1-Enterprise-(64-bit).dat
2017-07-26 01:24 - 2017-07-26 01:24 - 00000000 ____D C:\RegBackup
2017-07-26 00:58 - 2017-07-26 00:58 - 00000000 ____D C:\Users\jason\Documents\Security
2017-07-26 00:47 - 2017-07-26 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-07-26 00:47 - 2017-07-26 00:47 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-26 00:46 - 2017-07-26 00:47 - 00194217 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-07-25 22:53 - 2017-07-25 22:56 - 00524288 _____ C:\Windows\system32\wusa.etl
2017-07-25 22:53 - 2017-07-25 22:56 - 00196608 _____ C:\Windows\system32\wusa.etl.dpx
2017-07-25 22:09 - 2017-07-25 22:09 - 00000792 _____ C:\Users\jason\Desktop\JRT.txt
2017-07-25 21:37 - 2017-07-26 03:21 - 00000000 ____D C:\FRST
2017-07-25 21:31 - 2017-07-25 21:36 - 00284194 _____ C:\TDSSKiller.3.1.0.15_25.07.2017_21.31.07_log.txt
2017-07-25 20:31 - 2017-07-25 20:31 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-25 20:30 - 2017-07-25 21:23 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-25 18:39 - 2017-07-25 18:39 - 00000000 ____D C:\Users\jason\AppData\Roaming\Devolutions inc
2017-07-25 18:15 - 2017-07-25 18:15 - 00000000 ____D C:\Windows\SysWOW64\Npcap
2017-07-25 18:15 - 2017-07-25 18:15 - 00000000 ____D C:\Windows\system32\Npcap
2017-07-25 18:15 - 2017-07-25 18:15 - 00000000 ____D C:\Program Files\Npcap
2017-07-25 17:26 - 2017-07-25 20:08 - 00000000 ____D C:\Users\jason\.zenmap
2017-07-25 14:08 - 2017-07-25 14:08 - 00000000 _____ C:\Users\jason\Desktop\import.txt
2017-07-25 05:25 - 2016-09-22 15:19 - 00047760 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys
2017-07-24 17:54 - 2017-07-24 17:54 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-24 12:58 - 2017-07-26 03:09 - 00000540 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-800081787-2276684998-592242169-1608.job
2017-07-24 12:58 - 2017-07-26 02:18 - 00000636 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-800081787-2276684998-592242169-1608.job
2017-07-24 12:58 - 2017-07-24 12:58 - 00003624 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-800081787-2276684998-592242169-1608
2017-07-24 12:58 - 2017-07-24 12:58 - 00003528 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-800081787-2276684998-592242169-1608
2017-07-24 12:58 - 2017-07-24 12:58 - 00001329 _____ C:\Users\jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoToMeeting.lnk
2017-07-24 12:58 - 2017-07-24 12:58 - 00001321 _____ C:\Users\jason\Desktop\GoToMeeting.lnk
2017-07-24 10:03 - 2017-07-24 10:03 - 00001770 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-07-24 10:03 - 2017-07-24 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-24 10:03 - 2017-07-24 10:03 - 00000000 ____D C:\Program Files\iTunes
2017-07-24 10:03 - 2017-07-24 10:03 - 00000000 ____D C:\Program Files\iPod
2017-07-14 22:08 - 2017-07-14 22:11 - 00001896 _____ C:\Users\jason\Desktop\VMware PowerCLI - Jason.lnk
2017-07-14 21:43 - 2017-07-14 21:43 - 00000000 ____D C:\Users\jason\AppData\Roaming\NuGet
2017-07-14 21:43 - 2017-07-14 21:43 - 00000000 ____D C:\Program Files\PackageManagement
2017-07-14 20:21 - 2017-07-14 20:21 - 00000000 ____D C:\Users\jason\.dcli
2017-07-14 19:27 - 2017-07-14 19:27 - 00000000 ____D C:\Users\jason\AppData\Roaming\ActiveState
2017-07-14 19:10 - 2017-07-14 19:10 - 00000000 ___SD C:\Windows\SysWOW64\Configuration
2017-07-14 19:02 - 2016-12-08 23:07 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\mpeval.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\mimofcodec.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\Wsmselpl.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mi.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\prvdmofcomp.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-07-14 19:02 - 2016-12-08 23:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-07-14 19:02 - 2016-12-08 23:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\Wsmselrr.dll
2017-07-14 19:02 - 2016-12-08 23:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\mpunits.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\wmidcom.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\mibincodec.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\PSModuleDiscoveryProvider.dll
2017-07-14 19:02 - 2016-12-08 23:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2017-07-14 19:02 - 2016-12-08 23:06 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2017-07-14 19:02 - 2016-12-08 23:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe
2017-07-14 19:02 - 2016-12-08 21:51 - 02175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimofcodec.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mi.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prvdmofcomp.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-07-14 19:02 - 2016-12-08 21:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-07-14 19:02 - 2016-12-08 21:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2017-07-14 19:02 - 2016-12-08 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2017-07-14 19:02 - 2016-12-08 21:50 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2017-07-14 19:02 - 2016-12-08 21:50 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2017-07-14 19:02 - 2016-12-08 21:50 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2017-07-14 19:02 - 2016-12-08 21:50 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidcom.dll
2017-07-14 19:02 - 2016-12-08 21:50 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2017-07-14 19:02 - 2016-12-08 21:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mibincodec.dll
2017-07-14 19:02 - 2016-12-08 21:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2017-07-14 19:02 - 2016-12-08 21:50 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2017-07-14 19:02 - 2016-12-08 21:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2017-07-14 19:02 - 2016-12-08 21:50 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Register-CimProvider.exe
2017-07-14 19:02 - 2016-12-08 21:39 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2017-07-14 19:02 - 2016-12-08 21:38 - 00203776 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\DscCoreConfProv.dll
2017-07-14 19:02 - 2016-12-08 21:37 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2017-07-14 19:02 - 2016-12-08 21:37 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2017-07-14 19:02 - 2016-12-08 21:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2017-07-14 19:02 - 2016-12-08 21:35 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\dscproxy.dll
2017-07-14 19:02 - 2016-12-08 21:34 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2017-07-14 19:02 - 2016-12-08 21:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\dscTimer.dll
2017-07-14 19:02 - 2016-12-08 21:33 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2017-07-14 19:02 - 2016-12-08 20:39 - 00141824 _____ (Windows ® Win 7 DDK provider) C:\Windows\SysWOW64\DscCoreConfProv.dll
2017-07-14 19:02 - 2016-12-08 20:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2017-07-14 19:02 - 2016-12-08 20:37 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2017-07-14 19:02 - 2016-12-08 20:37 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2017-07-14 19:02 - 2016-12-08 20:35 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2017-07-14 19:02 - 2016-10-26 19:47 - 00000199 _____ C:\Windows\system32\winrm.cmd
2017-07-14 19:02 - 2016-10-03 01:22 - 00000199 _____ C:\Windows\SysWOW64\winrm.cmd
2017-07-14 18:58 - 2015-07-17 09:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-07-14 18:58 - 2015-07-17 09:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-07-14 18:58 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2017-07-13 14:19 - 2017-07-13 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-12 20:55 - 2017-07-12 20:55 - 00000000 ____D C:\Windows\SysWOW64\NV
2017-07-12 20:55 - 2017-07-12 20:55 - 00000000 ____D C:\Windows\system32\NV
2017-07-12 14:58 - 2017-07-12 14:58 - 00049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-07-12 14:58 - 2017-07-12 14:58 - 00045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-07-12 14:58 - 2017-07-12 14:58 - 00045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-07-12 14:58 - 2017-07-12 14:58 - 00045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-07-11 13:13 - 2017-04-01 02:44 - 00711248 _____ (Lenovo.) C:\Windows\system32\LPlatSvc.exe
2017-07-11 13:13 - 2017-04-01 02:44 - 00187984 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2017-07-11 13:13 - 2017-04-01 02:44 - 00088144 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2017-07-11 13:13 - 2017-04-01 02:44 - 00082816 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2017-07-11 13:13 - 2017-04-01 02:44 - 00058448 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2017-07-11 13:12 - 2017-07-11 13:16 - 00003254 _____ C:\Windows\System32\Tasks\Color Calibrator Tray Start up
2017-07-11 13:11 - 2016-08-23 04:07 - 00457488 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2017-07-11 13:11 - 2016-08-23 04:07 - 00027920 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys
2017-07-11 13:09 - 2016-08-23 04:07 - 01750544 _____ (DisplayLink Corp.) C:\Windows\system32\dlumd9.dll
2017-07-11 13:09 - 2016-08-23 04:07 - 01750544 _____ (DisplayLink Corp.) C:\Windows\system32\dlumd64.dll
2017-07-11 13:09 - 2016-08-23 04:07 - 01750544 _____ (DisplayLink Corp.) C:\Windows\system32\dlumd11.dll
2017-07-11 13:09 - 2016-08-23 04:07 - 01750544 _____ (DisplayLink Corp.) C:\Windows\system32\dlumd10.dll
2017-07-11 13:09 - 2016-08-23 04:07 - 01365000 _____ (DisplayLink Corp.) C:\Windows\SysWOW64\dlumd9.dll
2017-07-11 13:09 - 2016-08-23 04:07 - 01365000 _____ (DisplayLink Corp.) C:\Windows\SysWOW64\dlumd32.dll
2017-07-11 13:09 - 2016-08-23 04:07 - 01365000 _____ (DisplayLink Corp.) C:\Windows\SysWOW64\dlumd11.dll
2017-07-11 13:09 - 2016-08-23 04:07 - 01365000 _____ (DisplayLink Corp.) C:\Windows\SysWOW64\dlumd10.dll
2017-07-11 13:04 - 2017-07-11 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM
2017-07-11 13:04 - 2017-07-11 13:04 - 00000000 ____D C:\Program Files (x86)\IBM
2017-07-11 12:33 - 2017-07-06 03:52 - 00119296 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-11 12:33 - 2017-06-29 01:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-11 12:33 - 2017-06-29 01:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-11 12:33 - 2017-06-29 00:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-11 12:33 - 2017-06-29 00:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-11 12:33 - 2017-06-29 00:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-11 12:33 - 2017-06-29 00:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-11 12:33 - 2017-06-29 00:17 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-11 12:33 - 2017-06-29 00:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-11 12:33 - 2017-06-29 00:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-11 12:33 - 2017-06-28 23:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-11 12:33 - 2017-06-28 23:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-11 12:33 - 2017-06-28 23:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-11 12:33 - 2017-06-28 23:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-11 12:33 - 2017-06-28 23:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-11 12:33 - 2017-06-28 23:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-11 12:33 - 2017-06-28 23:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-11 12:33 - 2017-06-28 23:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-11 12:33 - 2017-06-28 23:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-11 12:33 - 2017-06-28 23:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-11 12:33 - 2017-06-28 23:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-11 12:33 - 2017-06-27 09:29 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-11 12:33 - 2017-06-27 09:29 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-11 12:33 - 2017-06-27 09:26 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-11 12:33 - 2017-06-27 09:26 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 12:33 - 2017-06-22 09:22 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-11 12:33 - 2017-06-17 11:45 - 03631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-11 12:33 - 2017-06-17 11:34 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-11 12:33 - 2017-06-17 11:11 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-11 12:33 - 2017-06-17 11:05 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-11 12:33 - 2017-06-15 17:02 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-11 12:33 - 2017-06-15 08:45 - 07440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-11 12:33 - 2017-06-15 08:45 - 01674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-11 12:33 - 2017-06-15 08:45 - 01534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-11 12:33 - 2017-06-15 08:45 - 01499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-11 12:33 - 2017-06-15 08:45 - 01370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-11 12:33 - 2017-06-15 08:45 - 00086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-11 12:33 - 2017-06-11 19:06 - 00376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-11 12:33 - 2017-06-11 17:21 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-11 12:33 - 2017-06-11 16:43 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-11 12:33 - 2017-06-11 16:25 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-11 12:33 - 2017-06-11 16:15 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-11 12:33 - 2017-06-11 16:08 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-11 12:33 - 2017-06-11 16:07 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-11 12:33 - 2017-06-11 16:00 - 00962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-11 12:33 - 2017-06-11 15:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-11 12:33 - 2017-06-11 15:40 - 01323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-11 12:33 - 2017-06-11 15:35 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-11 12:33 - 2017-06-11 15:31 - 00781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-11 12:33 - 2017-06-11 10:15 - 02013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-11 12:33 - 2017-06-06 15:52 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-11 12:33 - 2017-06-06 15:42 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-11 12:33 - 2017-06-06 15:38 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-11 12:33 - 2017-06-06 15:36 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-11 12:33 - 2017-06-06 15:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-11 12:33 - 2017-06-06 15:35 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-11 12:33 - 2017-06-06 14:13 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-11 12:33 - 2017-06-06 14:11 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-11 12:33 - 2017-06-06 14:11 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-11 12:33 - 2017-06-06 14:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-11 12:33 - 2017-06-06 14:11 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-11 12:33 - 2017-06-06 14:08 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-11 12:33 - 2017-06-06 14:03 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-11 12:33 - 2017-06-06 13:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-11 12:33 - 2017-06-06 13:57 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-11 12:33 - 2017-06-06 13:56 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-11 12:33 - 2017-06-06 13:03 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-11 12:33 - 2017-06-06 13:02 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-11 12:33 - 2017-06-06 13:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-11 12:33 - 2017-06-06 13:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-11 12:33 - 2017-06-06 13:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-11 12:33 - 2017-06-03 11:27 - 02346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-11 12:33 - 2017-06-03 11:03 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-11 12:33 - 2017-05-31 16:20 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-11 12:33 - 2017-05-15 17:09 - 00057688 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-11 12:33 - 2017-05-15 15:03 - 00379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-11 12:33 - 2017-05-09 09:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-11 12:33 - 2017-05-09 09:35 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-11 12:33 - 2017-05-09 09:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-11 12:33 - 2017-05-09 09:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-11 12:33 - 2017-05-09 09:28 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-11 12:33 - 2017-05-09 09:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-11 12:33 - 2017-05-09 09:12 - 00448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-11 12:33 - 2017-05-06 12:44 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\SusNativeCommon.dll
2017-07-11 12:33 - 2017-05-06 11:59 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SusNativeCommon.dll
2017-07-11 12:33 - 2017-05-06 11:45 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-11 12:33 - 2017-05-06 11:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-11 12:33 - 2017-05-02 15:09 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-11 12:33 - 2017-05-02 15:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-11 12:33 - 2017-05-02 13:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-11 12:33 - 2017-05-02 13:31 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-11 12:33 - 2017-05-02 13:31 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-11 12:33 - 2017-05-02 12:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-11 12:33 - 2017-04-30 11:48 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-07-11 12:33 - 2017-04-27 20:13 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-11 12:33 - 2017-04-27 20:11 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-11 11:27 - 2017-06-19 20:04 - 01149416 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2017-07-11 11:27 - 2017-06-19 20:03 - 00400872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2017-07-11 11:27 - 2017-06-19 20:03 - 00366568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2017-07-11 11:27 - 2017-06-19 19:58 - 00088504 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2017-07-11 11:27 - 2017-06-19 19:46 - 00066520 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2017-07-11 11:27 - 2017-06-19 19:46 - 00046032 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
2017-07-11 11:27 - 2017-06-19 19:46 - 00043992 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2017-07-11 10:22 - 2017-07-11 10:22 - 00003027 _____ C:\Users\jason\Desktop\M.O.U.S.9.lnk
2017-07-11 10:22 - 2017-07-11 10:22 - 00000000 ____D C:\Program Files\Mad Catz
2017-07-07 14:19 - 2017-07-10 17:45 - 00000000 ____D C:\Users\jason\AppData\Roaming\Vcenter Installer
2017-07-06 11:19 - 2017-07-06 11:19 - 00000000 ____D C:\Users\jason\AppData\Roaming\Google
2017-06-29 16:30 - 2017-06-29 16:30 - 00000000 ____D C:\Program Files (x86)\SunplusIT Integrated Camera
2017-06-28 11:36 - 2017-06-28 11:36 - 00000000 ____D C:\Users\jason\.networkassistant
2017-06-28 11:35 - 2017-06-28 11:35 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Cisco Network Assistant.lnk
2017-06-28 11:35 - 2017-06-28 11:35 - 00002554 _____ C:\Users\Public\Desktop\Cisco Network Assistant.lnk
2017-06-28 11:35 - 2017-06-28 11:35 - 00001958 _____ C:\Windows\vpd.properties
2017-06-28 11:35 - 2017-06-28 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Network Assistant
2017-06-28 11:35 - 2017-06-28 11:35 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2017-06-28 11:35 - 2017-04-20 01:43 - 00167936 _____ (Sun Microsystems©) C:\Windows\SysWOW64\JavaAccessBridge.DLL
2017-06-28 11:35 - 2017-04-20 01:43 - 00090112 _____ (Sun Microsystems©) C:\Windows\SysWOW64\WindowsAccessBridge.DLL
2017-06-28 11:35 - 2017-04-20 01:43 - 00032768 _____ (Sun Microsystems©) C:\Windows\SysWOW64\JAWTAccessBridge.DLL
2017-06-27 22:02 - 2017-06-02 07:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-27 22:02 - 2017-06-02 07:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-27 22:02 - 2017-06-02 07:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-27 22:02 - 2017-06-02 07:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-27 22:02 - 2017-06-02 07:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-27 22:02 - 2017-06-02 06:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-27 22:02 - 2017-06-02 05:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-27 22:02 - 2017-06-02 05:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-27 22:02 - 2017-06-02 05:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-27 22:02 - 2017-06-02 04:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-27 22:02 - 2017-05-15 14:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-27 22:02 - 2017-05-14 15:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-27 22:02 - 2017-05-14 15:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-27 22:02 - 2017-05-14 14:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-27 22:02 - 2017-05-14 14:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-27 22:02 - 2017-05-14 13:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-27 22:02 - 2017-05-14 13:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-27 22:02 - 2017-05-14 13:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-27 22:02 - 2017-05-12 12:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-27 22:02 - 2017-05-12 11:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-27 22:02 - 2017-05-12 11:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-27 22:02 - 2017-05-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-27 22:02 - 2017-05-12 10:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-27 22:02 - 2017-05-12 10:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-27 22:02 - 2017-05-12 10:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-27 22:02 - 2017-05-11 23:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-27 22:02 - 2017-05-11 21:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-27 22:02 - 2017-05-11 21:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-27 22:02 - 2017-05-11 21:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-27 22:02 - 2017-05-11 21:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-27 22:02 - 2017-05-11 21:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-27 22:02 - 2017-05-11 21:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-06-27 22:02 - 2017-05-11 21:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-27 22:02 - 2017-05-11 21:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-27 22:02 - 2017-05-11 21:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-27 22:02 - 2017-05-11 18:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-27 22:02 - 2017-05-11 18:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-27 22:02 - 2017-05-10 13:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-27 22:02 - 2017-05-06 11:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-27 22:02 - 2017-05-06 11:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-27 11:35 - 2017-06-27 11:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ser2pl64_01009.Wdf
2017-06-27 11:08 - 2017-07-05 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-27 11:02 - 2017-07-21 16:31 - 00031232 _____ C:\Users\jason\Desktop\specs-install-map.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-26 03:09 - 2014-02-23 22:17 - 00000104 _____ C:\Windows\system32\config\netlogon.ftl
2017-07-26 02:36 - 2016-02-07 06:03 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-07-26 02:31 - 2016-11-18 14:37 - 00000000 ____D C:\Users\jason\AppData\LocalLow\Mozilla
2017-07-26 02:26 - 2014-02-23 23:32 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-800081787-2276684998-592242169-1608
2017-07-26 02:25 - 2014-02-21 16:48 - 00807456 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-26 02:21 - 2016-02-07 06:03 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-07-26 02:21 - 2015-07-17 10:08 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-07-26 02:21 - 2014-09-15 22:14 - 00000000 __SHD C:\Users\jason\IntelGraphicsProfiles
2017-07-26 02:21 - 2014-02-23 23:27 - 00000000 ____D C:\Users\jason
2017-07-26 02:20 - 2017-05-17 18:34 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-26 02:20 - 2014-02-23 21:24 - 00000000 ____D C:\ProgramData\Validity
2017-07-26 02:20 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-26 02:20 - 2013-08-22 09:44 - 00539432 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-26 01:59 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-26 01:35 - 2014-03-03 21:39 - 01094340 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-26 01:34 - 2013-08-22 08:25 - 00000261 _____ C:\Windows\win.ini
2017-07-25 23:59 - 2014-03-03 20:39 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2017-07-25 22:44 - 2014-03-05 15:09 - 00000000 ____D C:\Program Files\Microsoft Office
2017-07-25 22:03 - 2016-11-08 22:33 - 00000000 ____D C:\AdwCleaner
2017-07-25 22:01 - 2014-04-01 16:25 - 00000000 ____D C:\Users\jason\AppData\Roaming\VMware
2017-07-25 21:28 - 2016-11-08 22:30 - 00002230 _____ C:\Users\jason\Desktop\Rkill.txt
2017-07-25 18:42 - 2016-03-02 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Desktop Manager
2017-07-25 18:15 - 2015-07-15 15:37 - 00000000 ____D C:\Program Files (x86)\Nmap
2017-07-25 18:15 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2017-07-25 17:23 - 2014-04-02 15:36 - 00000000 ____D C:\Users\jason\Documents\ShareX
2017-07-25 08:00 - 2014-07-17 23:46 - 00000392 _____ C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2017-07-24 23:28 - 2014-09-05 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-24 23:28 - 2014-09-05 01:00 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-24 23:28 - 2014-03-20 14:53 - 00001205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-07-24 23:28 - 2014-03-20 14:53 - 00000000 ____D C:\Program Files\paint.net
2017-07-24 23:27 - 2014-09-05 01:00 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-07-24 17:56 - 2014-04-01 01:48 - 00000000 ____D C:\Users\jason\AppData\Roaming\Spotify
2017-07-24 17:55 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-24 17:54 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-21 16:31 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-20 12:10 - 2015-11-06 12:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-17 15:56 - 2014-05-05 00:42 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-07-17 15:55 - 2014-08-28 09:39 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-07-16 14:01 - 2014-03-12 22:58 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2017-07-16 10:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-15 03:05 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2017-07-14 21:21 - 2014-03-03 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-14 19:44 - 2014-04-01 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-07-14 19:44 - 2014-04-01 16:04 - 00000000 ____D C:\Program Files (x86)\VMware
2017-07-14 19:10 - 2013-08-22 10:36 - 00000000 ___SD C:\Windows\system32\dsc
2017-07-14 19:10 - 2013-08-22 10:36 - 00000000 ___SD C:\Windows\system32\Configuration
2017-07-13 17:30 - 2014-03-02 23:58 - 00002300 ____H C:\Users\jason\Documents\Default.rdp
2017-07-13 14:19 - 2016-02-07 06:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-07-13 12:09 - 2016-04-29 12:52 - 00000000 ____D C:\Lenovo_Support
2017-07-12 20:54 - 2017-05-17 18:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-12 12:37 - 2016-02-07 05:59 - 00000000 ____D C:\Program Files (x86)\1Password 4
2017-07-11 13:09 - 2014-03-30 15:07 - 00000000 ____D C:\Program Files\DisplayLink Core Software
2017-07-11 12:36 - 2014-02-21 17:13 - 00000000 ____D C:\Windows\system32\MRT
2017-07-11 12:34 - 2014-02-21 17:13 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 12:15 - 2015-07-17 10:08 - 00000000 ____D C:\ProgramData\sccomm
2017-07-11 11:45 - 2016-05-15 19:56 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 11:45 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 11:45 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-11 11:42 - 2015-11-11 15:26 - 00000880 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2017-07-11 11:27 - 2014-04-01 16:04 - 00000000 ____D C:\ProgramData\VMware
2017-07-11 10:39 - 2015-11-11 15:26 - 00001024 _____ C:\.rnd
2017-07-11 10:22 - 2014-03-10 09:24 - 00000000 ____D C:\Users\Public\Documents\Mad Catz
2017-07-09 21:19 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-07 10:39 - 2014-04-02 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-07-07 10:39 - 2014-04-02 15:36 - 00000000 ____D C:\Program Files\ShareX
2017-07-05 11:00 - 2014-03-11 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-29 19:27 - 2017-04-13 14:00 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-29 19:27 - 2017-04-13 14:00 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-28 14:17 - 2015-12-16 16:48 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 14:17 - 2014-03-10 09:33 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 22:32 - 2014-02-23 21:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-27 22:32 - 2014-02-23 21:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-27 22:28 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2017-06-27 22:07 - 2014-02-23 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2015-02-20 14:40 - 2015-02-20 14:40 - 0000851 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFT4.log
2015-02-20 14:39 - 2015-02-20 14:39 - 0000914 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log
2016-12-07 16:24 - 2016-12-07 16:24 - 0000000 _____ () C:\Users\jason\AppData\Roaming\312bd467-4b77-4a24-b8cb-8a4bcc229628.storage
2016-12-07 16:24 - 2016-12-07 16:24 - 0000000 _____ () C:\Users\jason\AppData\Roaming\45b61831-cd8f-4f65-bea1-f182da847bb8.storage
2016-12-07 16:24 - 2016-12-07 16:24 - 0000000 _____ () C:\Users\jason\AppData\Roaming\625b9f53-b04d-404b-bf15-4765c318cab8.storage
2014-11-20 02:52 - 2014-11-20 02:53 - 0000093 _____ () C:\Users\jason\AppData\Roaming\ARCompanion.log
2015-05-12 10:13 - 2017-05-17 12:13 - 0000446 _____ () C:\Users\jason\AppData\Roaming\CSharpAnalytics-MeasurementSession
2014-05-04 00:28 - 2014-05-04 00:28 - 201670246 _____ () C:\Users\jason\AppData\Roaming\SecureCRT.dmp
2014-10-24 22:42 - 2014-10-24 22:42 - 0000038 ___SH () C:\Users\jason\AppData\Local\69ff07055291669bb2b218.72821112
2014-06-22 22:13 - 2014-06-30 18:02 - 0000346 ___SH () C:\Users\jason\AppData\Local\70149b02515b3bb20dd492.47983420
2014-11-12 12:22 - 2014-11-12 12:25 - 0000600 _____ () C:\Users\jason\AppData\Local\PUTTY.RND
2014-03-17 23:54 - 2017-07-25 20:27 - 0007606 _____ () C:\Users\jason\AppData\Local\Resmon.ResmonCfg
2017-07-25 18:40 - 2017-07-25 18:40 - 0000000 _____ () C:\Users\jason\AppData\Local\zenmap.exe.log
2016-04-19 22:30 - 2016-04-20 10:29 - 0000209 _____ () C:\ProgramData\AV IP Utility Log.txt
2014-02-23 21:26 - 2014-02-23 21:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-19 22:30 - 2016-04-20 01:54 - 0007168 _____ () C:\ProgramData\myactivities.db
2015-04-28 19:56 - 2012-09-14 14:12 - 0678912 _____ (SQLite Development Team) C:\ProgramData\SQLite3.dll

Files to move or delete:
====================
C:\ProgramData\SQLite3.dll
C:\Users\jason\.csp_ovftool_settings.js
C:\Users\jason\en_res.dll
C:\Users\jason\es_res.dll
C:\Users\jason\fr_res.dll
C:\Users\jason\grm_res.dll
C:\Users\jason\it_res.dll
C:\Users\jason\jp_res.dll
C:\Users\jason\mfc80u.dll
C:\Users\jason\msvcr80.dll
C:\Users\jason\PCPE Setup.exe
C:\Users\jason\pt_res.dll
C:\Users\jason\ResourceReader.dll
C:\Users\jason\ru_res.dll
C:\Users\jason\zh_res.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-18 03:39

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by jason (26-07-2017 03:22:09)
Running from D:\Downloads
Windows 8.1 Enterprise (Update) (X64) (2014-02-21 05:27:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

madmin (S-1-5-21-2969249250-1705473877-1367263992-500 - Administrator - Disabled)
mguest (S-1-5-21-2969249250-1705473877-1367263992-501 - Limited - Disabled)
SophosSAUS5400 (S-1-5-21-2969249250-1705473877-1367263992-1028 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password 4.6.2.624 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
64 Bit HP CIO Components Installer (HKLM\...\{284F4C1C-380D-4F10-88C8-1F9E386EFE98}) (Version: 17.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ActivePerl 5.14.4 Build 1405 (HKLM-x32\...\{86C2A745-08F4-4616-BD57-F622D8BA8504}) (Version: 5.14.1405 - ActiveState) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.74 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AV IP Utility (HKLM-x32\...\{8FBCD129-C2DC-4339-B754-CCCA5FBBA25F}) (Version: 2.0.2 - Arecont Vision)
AV200  (HKLM-x32\...\{78DDDE09-FF66-46C7-83AA-267DE66E4CDE}) (Version: 6.3.64 - Arecont Vision)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-9460CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
Capacity Magic for IBM (HKLM-x32\...\{FBFF1D3F-ED65-4053-B3AA-D4F9F039141E}) (Version: 2017.4.0 - IntelliMagic B.V.) Hidden
Capacity Magic for IBM (HKLM-x32\...\Capacity Magic for IBM) (Version: 2017.4.0 - IntelliMagic B.V.)
Cisco Network Assistant (HKLM-x32\...\{397FF711-8BD9-4388-ADFC-2A878B83F018}) (Version: 6.3(1) - Cisco Systems, Inc)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
ConceptDraw Office v3 (HKLM-x32\...\ConceptDraw Office) (Version: 3.4.0.0 - CS Odessa)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CS13Dock\VL812Updater version 5041 (HKLM-x32\...\VL812_is1) (Version: 5041 - )
DinoVision (HKLM-x32\...\{34C04908-72A0-4943-BD14-8DCCBE941AA5}) (Version: 1.0.0.0 - DinoVision)
Disk Magic (HKLM-x32\...\{E9AB5A20-2580-4D8F-A37B-30A52DD6AB18}) (Version: 16.12.0 - IntelliMagic B.V.) Hidden
Disk Magic (HKLM-x32\...\Disk Magic) (Version: 16.12.0 - IntelliMagic B.V.)
DisplayLink Core Software (HKLM\...\{8D72293E-E663-41B9-A02E-ADA11CD6EBD9}) (Version: 8.0.778.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
e-config (HKLM-x32\...\{4AA9BEFF-6673-4B31-94FC-9ADF1657ECB0}) (Version: 5.3 - Trilogy)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
EZSwitchSetup (HKLM-x32\...\EZSwitchSetup) (Version: 7.0.0.0 - Brocade Communications Systems Inc.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.56 - FileZilla Project)
Flash Renamer 6.73 (HKLM-x32\...\Flash Renamer_is1) (Version:  - RL Vision)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.8.0.7297 (HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\GoToMeeting) (Version: 8.8.0.7297 - LogMeIn, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IBM Comprestimator tool (HKLM-x32\...\{F51FD4FF-1A71-48B2-9BC9-2F880927DEEB}) (Version: 1.5.2.2_w0098 - IBM)
IBM DS Storage Manager Host Software version 11.20 11.20.xx05.0002 (HKLM-x32\...\IBM System Storage DS Storage Manager 11) (Version: 11.20.xx05.0002 - IBM Corporation)
IBM XIV Storage Management GUI (HKLM\...\IBM XIV Storage Management GUI) (Version: 4.5.0.1 - IBM-XIV)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer 4 (HKLM-x32\...\{106E5A6F-A4C0-47B7-BA51-61DA07A90F9C}) (Version: 4.2.1.109 - MetaGeek, LLC)
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.57 - Softex Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1015 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1045 - Intel Corporation)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{66614300-cd9b-4a62-8b18-c97e9562dc3e}) (Version: 19.50.0 - Intel Corporation)
IPCWebComponents 3.3.0.26 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.3.0.26 - )
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
KC Softwares DUMo (HKLM-x32\...\KC Softwares DUMo_is1) (Version: 2.4.0.27 - KC Softwares)
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 4.3.4.306 - KC Softwares)
KCP-0.6.0.6 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.6.0.6 - Haruhichan.com)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.21 - Lenovo)
Lenovo Fingerprint Manager Pro (HKLM\...\{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.57 - Lenovo) Hidden
Lenovo Fingerprint Manager Pro (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.57 - Lenovo)
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.86.06 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}) (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.30.280 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.5.0.3 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.4.0.21 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.90 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.4.0.9 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo USB Graphics (HKLM\...\{933E6021-BC9A-4B18-B6D9-46A5F5FC4115}) (Version: 8.0.835.0 - Lenovo)
M.O.U.S.9 (HKLM\...\{AD988B6E-AD75-4F6A-8ECB-5AA60265F6D7}) (Version: 7.0.55.13 - Mad Catz Inc)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Exploit version 1.9.2.1413 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.2.1413 - Malwarebytes)
Malwarebytes' Managed Client (HKLM-x32\...\{72BE25D7-574A-4F4D-B9B3-907D239CE1C7}) (Version: 1.7.0.3208 - Malwarebytes)
MangoApps For Windows (HKLM-x32\...\{C1126BA2-AEE3-4C67-90E2-D2201EF65EFB}) (Version: 11.4.82.0 - MangoApps) Hidden
MangoApps For Windows (HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\{3bdf8d33-0a05-4469-aa10-f9d3a166a0ca}) (Version: 11.4.82.0 - MangoApps)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (64-bit) (HKLM\...\{D4769C99-1699-4740-8424-E7E9998026BE}) (Version: 15.8.8308.884 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{2FF8A787-F193-4A6C-A108-F1411B0DB100}) (Version: 15.8.8308.884 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Network Scanner Admin Tool (HKLM-x32\...\{4A0D21A2-D625-439D-B709-F2D6BCCEC982}) (Version: 03.02.0007 - PFU LIMITED)
Network Scanner User Editor (HKLM-x32\...\{97664C44-7AE5-461D-8181-78AA0A84C198}) (Version: 03.01 - PFU LIMITED)
Ninite Updater (HKLM-x32\...\NiniteUpdater) (Version:  - )
Nmap 7.50 (HKLM-x32\...\Nmap) (Version: 7.50 - )
Notepad Replacer 1.1.6 (HKLM-x32\...\0EDD95B3-6CED-4E8A-B1BF-78BF11C38837_is1) (Version: 1.1.6.0 - Binary Fortress Software)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.1 - Notepad++ Team)
Npcap 0.91 (HKLM-x32\...\NpcapInst) (Version: 0.91 - Nmap Project)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
NVIDIA WMI 2.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.29.0 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM\...\{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OpenVPN 2.4.2-I601  (HKLM\...\OpenVPN) (Version: 2.4.2-I601 - OpenVPN Technologies, Inc.)
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57724}) (Version: 4.0.17 - dotPDN LLC)
PANTONE Color Calibrator 1.3.0 (HKLM-x32\...\PANTONE Color Calibrator_is1) (Version: 1.3.0.0 - X-Rite)
PDF-Tools 4 (HKLM\...\{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1) (Version: 4.0.316.1 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM\...\{B7E5844A-B8ED-4F27-A3C8-966114DCB007}) (Version: 6.0.319.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{e44f0a83-eeaa-471b-8e1e-5475e4183164}) (Version: 6.0.319.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange PRO V6 (HKLM\...\{65692E92-E681-4792-99EF-F69D229B6F4C}) (Version: 6.0.319.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Standard V6 (HKLM\...\{5F4A4835-B8F3-46A5-9AED-EDE692D408A3}) (Version: 6.0.317.1 - Tracker Software Products (Canada) Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Remote Desktop Manager (HKLM-x32\...\{0BD5108A-F10E-466D-AD25-9C90EBC53E60}) (Version: 12.6.0.0 - Devolutions inc.)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.8.0 - ShareX Team)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
SmartCode VNC Manager (Enterprise Edition) 6.11 64-bit (HKLM\...\{380BD198-CFFC-4C55-9DD1-A16AE11CF625}) (Version: 6.11.2.0 - SmartCode Solutions)
SolarWinds TFTP Server (HKLM-x32\...\{7EE86A3F-8107-486F-8E97-041F49578E73}) (Version: 10.9.1.33 - SolarWinds)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 35.3.39010 - Sonos, Inc.)
Sophos Anti-Virus (HKLM-x32\...\{CA3CE456-B2D9-4812-8C69-17D6980432EF}) (Version: 10.6.4.1150 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.4.0.724 - Sophos Limited)
Sophos Management Communications System (HKLM-x32\...\{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}) (Version: 2.0.2.3 - Sophos Limited)
Spotify (HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
Standalone Solutions Configuration Tool (HKLM-x32\...\{2B2229D5-86DE-4442-844E-0D81B3F125B0}) (Version: 1.65.0 - Lenovo)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.109 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Thunderbolt™ Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel® Corporation)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.0 - Tweaking.com)
UC232A_Win 8_64bit (HKLM-x32\...\{C520B8EA-F0B9-49D8-AA6E-5141748613E7}) (Version: 1.0.082 - Aten International Co., Ltd.)
VanDyke Software SecureCRT and SecureFX 8.0 (HKLM\...\{C5B1DCCE-56F9-406C-8F22-DC48C8CFA35C}) (Version: 8.0.3 - VanDyke Software, Inc.)
VitalSource Bookshelf (HKLM-x32\...\{e50f89f8-573d-4971-97e9-daaf3e8df833}) (Version: 6.9.0019 - Ingram Content Group)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Enhanced Authentication Plug-in 6.5.0 (HKLM-x32\...\{7B25B734-2280-4239-9EBE-CC70792FCDE7}) (Version: 6.5.0.4487 - VMware, Inc.)
VMware Plug-in Service (HKLM-x32\...\{178EAB33-6FA2-4958-8B15-C0153A7D3196}) (Version: 6.5.0.116 - VMware, Inc.)
VMware Remote Console (HKLM-x32\...\{29F1F968-F61F-4C33-96C7-2DDB8461F0C6}) (Version: 9.0.0 - VMware, Inc.)
VMware vSphere CLI (HKLM-x32\...\{E60422F6-23F5-446A-B26D-70FF3092BF84}) (Version: 6.5.0.8742 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.4330 - VMware, Inc.)
VMware vSphere Client 6.0 (HKLM-x32\...\{593390AC-CACE-4278-AA77-350012BF10B1}) (Version: 6.0.0.6826 - VMware, Inc.)
VMware vSphere PowerCLI (HKLM-x32\...\{EE5ADC6C-37FA-4E52-8F14-7D7703D64463}) (Version: 6.0.0.7857 - VMware, Inc.)
VMware vSphere Update Manager Client 6.0 Update 1 (HKLM-x32\...\{AEE02766-B805-4DFC-BDFE-B2F5A2DBC3DE}) (Version: 6.0.0.27278 - VMware, Inc.)
VMware vSphere Update Manager Client 6.0 Update 1b (HKLM-x32\...\{615FB64B-95A3-4B52-BFDC-DA26164DFBF7}) (Version: 6.0.0.28847 - VMware, Inc.)
VMware Workstation (HKLM\...\{878C6FAC-4FF1-4281-A05D-07CDA485C114}) (Version: 12.5.7 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\WinDirStat) (Version:  - )
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (12/03/2012 1.3.1000.00000) (HKLM\...\1AE83188214F7A553BC5B719D4D7F6AACB767195) (Version: 12/03/2012 1.3.1000.00000 - Amazon.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.2.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.6 - The Wireshark developer community, hxxps://www.wireshark.org)
X-Rite Device Services Manager (HKLM-x32\...\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}) (Version: 2.3.82 - X-Rite)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-800081787-2276684998-592242169-1608_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\jason\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-800081787-2276684998-592242169-1608_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\jason\AppData\Local\Microsoft\LWAPlugin\x64\15.8\LWAPluginInProc.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-800081787-2276684998-592242169-1608_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-800081787-2276684998-592242169-1608_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jason\AppData\Local\GoToMeeting\7297\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  AMangoAppsIgnoreIconHandler] -> {C74A0BF8-79CE-4D98-8D33-8D78843AFA9E} =>  -> No File
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\ProgramData\MangoApps\OCOverlays_x64.dll [2016-02-02] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\ProgramData\MangoApps\OCOverlays_x64.dll [2016-02-02] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\ProgramData\MangoApps\OCOverlays_x64.dll [2016-02-02] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\ProgramData\MangoApps\OCOverlays_x64.dll [2016-02-02] (ownCloud Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-05-17] ()
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers01: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers01: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2016-11-28] (Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers01: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2016-09-22] (Sophos Limited)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2016-09-22] (Sophos Limited)
ContextMenuHandlers02: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} =>  -> No File
ContextMenuHandlers02: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-06-19] (VMware, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers04: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers04: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers04: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2016-09-22] (Sophos Limited)
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-01-24] ()
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-11-15] (Intel Corporation)
ContextMenuHandlers05: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2016-11-15] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-02-17] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation)
ContextMenuHandlers06: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2016-09-22] (Sophos Limited)
ContextMenuHandlers06: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {002CDE3F-158A-434D-BEB1-259998E8AD42} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {16A4DD0D-D998-4E16-B2DD-AD48C24578FF} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {16EBFFD7-18F7-4576-9CBB-BC1929034F87} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-06-17] (Synaptics Incorporated)
Task: {16F87461-5D51-4C32-9719-9A84FD3C6125} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-07] (Dropbox, Inc.)
Task: {1A1C6F6D-8967-4E33-A613-A8257C34A112} - System32\Tasks\G2MUpdateTask-S-1-5-21-800081787-2276684998-592242169-1608 => C:\Users\jason\AppData\Local\GoToMeeting\7297\g2mupdate.exe [2017-07-24] (LogMeIn, Inc.)
Task: {1D866980-A59B-4E9B-83E3-50E08346CD64} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2017-01-24] ()
Task: {1DC4996F-DE95-49C7-969E-1A33760DCE48} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {25A270AC-1165-4848-8490-4B3BDFC4CD37} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-23] (Realtek Semiconductor)
Task: {2801B617-A685-4462-9691-9CD23AB304D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2D2E2CBF-A833-4F64-8D3B-49306487569D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {35222723-CA5B-4B37-BB07-B375E18299ED} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-07] (Dropbox, Inc.)
Task: {3BF04D72-D782-437E-BBDB-2BA6DD4550C5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-24] (Microsoft Corporation)
Task: {3DCFD812-5878-469D-8169-E62CE327CF1D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-02-23] (Realtek Semiconductor)
Task: {424A1306-C89D-4D92-8566-0A472766CEEB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-24] (Microsoft Corporation)
Task: {461D4DDC-951E-410E-89D0-373B99F2C3EB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {4DCB46D6-20CA-4F2F-A993-F9BB16C83689} - System32\Tasks\Color Calibrator Tray Start up => C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\ColorCalibratorTray.exe [2016-07-11] ()
Task: {60942CC3-DF8D-46B5-A852-0402563ABAFE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {67C27779-65D5-4C79-97D9-AEC27B5A07CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {6AF11669-2CDF-4962-9505-0F2630CE30CE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {6BF68997-200D-4031-9C67-294990B007B7} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-23] (Realtek Semiconductor)
Task: {75253838-A67C-40E0-A984-7B237465CA64} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23] (X-Rite Inc.)
Task: {75E590CB-A5C6-471F-8421-DECF77B5BFF2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {80C1B292-0BA8-497C-8E0C-BEEDBAC2D00D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc start ThunderboltService
Task: {8F1F911A-8C9A-483B-95B9-8539DC289183} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8FACD729-04A1-4D38-BECC-8CB682A81662} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {9A6DCFEE-443B-43BD-B096-B773CBBF8FEA} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {AAE273C0-0ADD-4CFD-BE0B-DCFDF5158E3B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-24] (Microsoft Corporation)
Task: {ABAE5D28-D8A8-4F3E-9122-A885A3F3C77A} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {B2833DA4-7B46-43EC-9FCD-05174BA22DDD} - System32\Tasks\G2MUploadTask-S-1-5-21-800081787-2276684998-592242169-1608 => C:\Users\jason\AppData\Local\GoToMeeting\7297\g2mupload.exe [2017-07-24] (LogMeIn, Inc.)
Task: {C4D7A541-21F5-4829-8A53-BEBD198ACDF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {D31617AC-D650-455F-A74B-FB40CDC070DF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {D75116F6-CD1D-422E-AFA3-B52DBB13A2E8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {E5AF5080-39F2-4B92-B5A0-DE94086F5573} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-800081787-2276684998-592242169-1608.job => C:\Users\jason\AppData\Local\GoToMeeting\7297\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-800081787-2276684998-592242169-1608.job => C:\Users\jason\AppData\Local\GoToMeeting\7297\g2mupload.exe
Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-17 18:34 - 2017-02-17 18:56 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-31 10:55 - 2016-04-14 07:50 - 00107008 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-17 15:56 - 2017-01-17 15:56 - 01897960 _____ () C:\Program Files (x86)\VMware\Plug-in Service\vmware-cip-msg-proxy.exe
2017-05-28 14:39 - 2016-07-15 09:50 - 00090128 _____ () C:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe
2017-04-05 10:02 - 2016-02-02 11:38 - 00059392 _____ () C:\ProgramData\MangoApps\OCUtil_x64.dll
2016-11-23 02:50 - 2017-07-06 12:17 - 08932040 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-05-17 18:35 - 2017-01-24 04:16 - 00785976 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2017-05-17 19:05 - 2017-05-17 19:05 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-08-23 04:07 - 2016-08-23 04:07 - 01797352 _____ () C:\Program Files\DisplayLink Core Software\8.0.778.0\AddOnApi64.dll
2016-04-08 10:30 - 2016-04-08 10:30 - 12459520 _____ () C:\Program Files\Mad Catz\M.O.U.S.9\Pr0fileEditor_Forms.dll
2016-04-08 10:30 - 2016-04-08 10:30 - 00004096 _____ () C:\Program Files\Mad Catz\M.O.U.S.9\en-US\Pr0fileEditor_Forms.resources.dll
2016-04-08 10:30 - 2016-04-08 10:30 - 00007168 _____ () C:\Program Files\Mad Catz\M.O.U.S.9\en\Pr0fileEditor_Forms.resources.dll
2017-07-14 10:27 - 2017-07-14 10:27 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-07-14 10:26 - 2017-07-14 10:26 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2014-03-03 21:10 - 2015-05-12 15:14 - 00469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-03-03 21:10 - 2015-05-12 15:14 - 00013016 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2017-05-11 01:44 - 2017-05-11 01:44 - 00632448 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2017-05-11 01:44 - 2017-05-11 01:44 - 00225696 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll
2017-05-11 01:44 - 2017-05-11 01:44 - 00124872 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll
2017-05-28 14:39 - 2016-07-15 09:50 - 00108560 _____ () C:\Program Files (x86)\IPCWebComponents\WebSocketLib.dll
2017-05-28 14:39 - 2016-07-15 09:49 - 00123920 _____ () C:\Program Files (x86)\IPCWebComponents\Common.dll
2017-02-13 04:36 - 2017-02-13 04:36 - 00306472 _____ () C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\log4cplus.dll
2014-06-23 18:06 - 2014-06-23 18:06 - 01588224 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2014-06-23 18:06 - 2014-06-23 18:06 - 02633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2017-06-01 20:03 - 2016-10-19 03:42 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2017-07-13 14:19 - 2017-07-12 14:58 - 00746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-13 14:19 - 2017-07-12 14:58 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2016-02-07 06:03 - 2017-07-12 14:58 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-07 06:03 - 2017-07-12 15:01 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 01862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-13 14:19 - 2017-07-12 14:58 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-13 14:19 - 2017-07-12 14:58 - 00020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-13 14:19 - 2017-07-12 14:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-07 06:03 - 2017-07-12 14:58 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 13:28 - 2017-07-12 15:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 00062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 00040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-13 14:19 - 2017-07-12 14:58 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 14:19 - 2017-07-12 14:58 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-07 06:03 - 2017-07-12 15:01 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 13:28 - 2017-07-12 15:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-15 18:57 - 2017-07-12 15:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2016-02-07 06:03 - 2017-07-12 15:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 18:42 - 2017-07-12 15:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-23 19:36 - 2017-07-12 15:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 19:36 - 2017-07-12 15:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 19:36 - 2017-07-12 15:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 19:36 - 2017-07-12 15:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2016-02-07 06:03 - 2017-07-12 14:58 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-18 04:23 - 2017-07-12 15:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 14:19 - 2017-07-12 14:58 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-13 14:19 - 2017-07-12 14:59 - 00181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 17:48 - 2017-07-12 15:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-13 14:19 - 2017-07-12 14:59 - 00024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-13 14:19 - 2017-07-12 14:59 - 01637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 13:28 - 2017-07-12 15:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-07 14:59 - 2017-07-12 15:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-13 14:19 - 2017-07-12 15:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-27 18:42 - 2017-07-12 15:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.pyd
2017-06-07 17:18 - 2017-06-07 17:18 - 00192512 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\b5324a2283f0c85fc38cf07ed4aaca4b\Windows.Foundation.ni.dll
2017-05-17 19:05 - 2017-05-17 19:05 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-05-15 09:24 - 2015-05-15 09:24 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-07-11 11:42 - 00000880 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    vmware-plugin

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-800081787-2276684998-592242169-1608\Control Panel\Desktop\\Wallpaper -> C:\Users\jason\ibm_thinkpad_640.jpg
DNS Servers: 192.168.1.1 - 10.4.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [TCP Query User{AEE756A4-8845-4846-BB4F-F55EF542BA41}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [UDP Query User{800F2ABD-442F-4A8D-AEC6-CED57627CFB9}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [{EC30216B-A102-48DC-80D1-313998B42057}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{AFCA585B-4379-4162-A381-E07672C19FCC}C:\users\jason\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jason\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A1845494-C430-42BF-BBB8-CD9C639CEA4F}C:\users\jason\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jason\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9625E8A9-1363-451C-B16B-D81B48A59CD9}] => (Allow) C:\Program Files (x86)\SolarWinds\TFTP Server\TFTPServer.exe
FirewallRules: [{F754A663-228F-40FB-8B89-42D729940F5B}] => (Allow) C:\Program Files (x86)\SolarWinds\TFTP Server\TFTPServer.exe
FirewallRules: [{E52A0D99-B598-4003-BF61-4B49D89D57D4}] => (Allow) C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe
FirewallRules: [{76382B33-AE1A-4330-BA8D-818BD1C78EC9}] => (Allow) C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe
FirewallRules: [{5BF13483-CE0D-4903-8AE6-FE7E7CFA30C7}] => (Allow) C:\Program Files (x86)\SolarWinds\TFTP Server\TFTPServer.exe
FirewallRules: [{587A78DC-40AA-417D-A298-8EFF87F0DE2D}] => (Allow) C:\Program Files (x86)\SolarWinds\TFTP Server\TFTPServer.exe
FirewallRules: [TCP Query User{781F0A40-839B-461D-92D3-97EC05B925BE}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{219F5393-4738-4EBC-986A-1245CDCB4580}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{A9F445F0-4F6A-4DC6-AF56-FEE4F22FBB97}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [UDP Query User{7F6045CF-7D3A-44BD-B094-5E8EFA415D20}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [TCP Query User{1F1E9A5C-06C5-4F4B-AAEE-575BF220900B}C:\users\jason\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jason\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{34870BC0-021D-4056-B54F-5F9ECB141D6D}C:\users\jason\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jason\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AA50DD16-D67D-4674-845C-F1A35B6771BD}] => (Allow) LPort=5454
FirewallRules: [{4317977C-8484-4229-9823-E01D06D883B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{609F246F-465A-4F36-8C53-D1E93857E511}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6AEEEF9-2AFE-497D-9FB2-227D72121D6D}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [TCP Query User{8018E740-DD17-4B08-AAE1-3DB57CC9F281}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [UDP Query User{718824D1-82E7-42B7-9537-0FEA9DF07134}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [{337DAA64-F336-4B42-822E-F987A873BEC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF942BDF-A182-4EE9-94CE-602BD29ED3BE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EA645FA6-319E-4C21-ADE3-E3ED8B91D02A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F3E239E-FD2E-42DD-8DC2-B50202A64D26}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{680B1B81-0739-4A54-9BD7-D1AB27F909A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADF2EAF8-8FCF-46B7-BE2A-BB1925FB3854}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F5F799DA-FDA4-4C32-B4D3-B9CE21E05AC8}C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe
FirewallRules: [UDP Query User{ED00177F-CA38-4F5A-8F1A-59471898F90B}C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe
FirewallRules: [TCP Query User{646F5295-D938-4062-B3FF-22C2D787598C}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{54422459-5F50-40BC-AF4C-8A19B6156F71}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{4CB91A20-5230-46F5-A489-8E8E2BC92994}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6BD58B9A-9BBD-4D4F-A30C-438F09713E7F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{0117491A-C454-4A49-A800-79BC06ECB29B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{9548B623-57C0-4C65-B37E-E0444BE02A38}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{DBA26E6D-ED07-4173-9672-F0081D75C59B}] => (Allow) C:\Program Files (x86)\Arecont Vision\AvIpUtility\AvIpUtility.exe
FirewallRules: [{0CD1B5CD-AD2C-4432-9115-C2806854B73F}] => (Allow) C:\Program Files (x86)\Arecont Vision\AvIpUtility\AvFinder.exe
FirewallRules: [{E8F58705-5D7A-4967-9A7B-B83CDAB1A703}] => (Allow) C:\Program Files (x86)\Arecont Vision\AvIpUtility\AvMulticast.exe
FirewallRules: [{0ABEBC85-A467-422E-8259-7F51A15654CE}] => (Allow) C:\Program Files (x86)\Arecont Vision\AV200\AV200.exe
FirewallRules: [{92C644B9-D5C7-4D47-BF59-39EACCC35263}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F27C173E-FF97-4BE4-96CA-07FACE1C9E81}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{183DA53E-6190-426E-AA3F-4B9F941A8B1B}C:\users\jason\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jason\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{702D4690-B5D0-4CFD-A057-DC5FF84C6980}C:\users\jason\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jason\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{013E81DD-6FF9-4DEB-9CC3-EB1164DF56CD}C:\users\jason\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\jason\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{6074E324-3961-428D-B52C-7B443A330EEA}C:\users\jason\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\jason\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [TCP Query User{9579F2CF-CA3C-4D74-9667-750F3C19CE56}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{F6A23E53-8963-4DC8-BAAD-40E69F54DA73}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{B7DB4A3E-5D44-49E8-AAA7-72D00FC6AD13}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{847E383D-FC47-48FF-96AF-5D22C3844C4F}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{D9EDD210-83BE-4EAB-A20E-23DBBF224608}] => (Allow) LPort=3935
FirewallRules: [TCP Query User{55CCDF7C-F363-479A-B550-22A1AF893185}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [UDP Query User{4A57AA4B-39CA-47F4-A337-595978ED77A1}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [{498B995D-A144-4153-96C5-45D5A7E61A59}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1AA9FAE6-A547-4705-8021-31D70DAC543E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{44BC7C09-754C-4A01-8760-E48B51B332EC}] => (Allow) C:\Program Files (x86)\Arecont Vision\AV200\AV200.exe
FirewallRules: [{EBD82F78-DB0F-4B18-A820-29F585D8EF28}] => (Allow) C:\Program Files (x86)\Arecont Vision\AV200\SDCardView.exe
FirewallRules: [TCP Query User{9314C248-BAB3-4CA8-95B4-A64E1A558FCA}C:\program files\microsoft office\root\office16\lync.exe] => (Allow) C:\program files\microsoft office\root\office16\lync.exe
FirewallRules: [UDP Query User{47EA2EB2-1968-4876-B727-BE0FFDD7C4CE}C:\program files\microsoft office\root\office16\lync.exe] => (Allow) C:\program files\microsoft office\root\office16\lync.exe
FirewallRules: [{2865171B-FAFE-4D8B-94DE-FBB41905E1CF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4928A929-EA63-4BB8-B628-441D8A01AE43}] => (Allow) F:\LiteShow3\LiteShow3.exe
FirewallRules: [{6225FA12-664E-49D2-B851-599177DCFA63}] => (Allow) F:\LiteShow3\LiteShow3.exe
FirewallRules: [{5A598AF1-FF26-4541-9DB2-F7916EA78F33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A89E8315-9BE7-4083-BCBF-0AC48C0D1734}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CFFBE47E-7682-44D5-92F6-A90398620242}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{9BB11B7D-281C-40FE-8B08-84EB83A91A0A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{DA24773B-20C8-4C18-8796-A8C8F564D86E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{D100191E-20D8-4A8F-AB42-2887B024EDB7}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{A7B2ED6A-22CB-4F9C-B7A1-B89163B7416C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{F0E2CBB0-8FAA-4904-A0C9-0946B68A531B}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

24-07-2017 11:04:17 Scheduled Checkpoint
25-07-2017 18:15:19 Before installation of Npcap 0.91
25-07-2017 22:08:40 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: BayHubTech/O2Micro Integrated MMC/SD controller
Description: BayHubTech/O2Micro Integrated MMC/SD controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: BayHubTech/O2Micro
Service: O2FJ2RDR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

CodeIntegrity:
===================================
  Date: 2017-07-26 02:20:54.955
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-23 14:11:48.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-10 09:41:10.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 09:07:54.641
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-05 10:38:15.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 17:26:34.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 16:47:32.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 16:37:14.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 16:26:12.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-28 16:12:02.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4800MQ CPU @ 2.70GHz
Percentage of memory in use: 12%
Total physical RAM: 32669.71 MB
Available physical RAM: 28457.61 MB
Total Virtual: 36765.71 MB
Available Virtual: 32571.95 MB

==================== Drives ================================

Drive c: (disk0) (Fixed) (Total:237.96 GB) (Free:47.78 GB) NTFS
Drive d: (m2) (Fixed) (Total:111.66 GB) (Free:30.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 86931621)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 PM

Posted 27 July 2017 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Except for the Policy Restrictions, nothing suspicious was found in your logs.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-800081787-2276684998-592242169-1608\...\Run: [Zoom] => [X]
IFEO\notepad.exe: [Debugger] C:\Program Files (x86)\Notepad Replacer\NotepadReplacer.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [No File]
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-12]
CHR Extension: (Chrome Media Router) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-12]
S2 Browser; %SystemRoot%\System32\browser.dll [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
ShellIconOverlayIdentifiers: [  AMangoAppsIgnoreIconHandler] -> {C74A0BF8-79CE-4D98-8D33-8D78843AFA9E} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} =>  -> No File
ContextMenuHandlers04: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Any issues with this computer?

#3 nasdaq

Posted 02 August 2017 - 09:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



