
iexplorer cannot be updated. FRST data posted.


  • This topic is locked
4 replies to this topic

#1 seraphin

  • Members
  • 118 posts

Posted 25 August 2017 - 03:12 PM

As directed by the global moderator to repost my inquiry with data from FRST, here are the issues and the solutions I've tried:

Issue 1: Internet Explorer cannot be updated through Windows Update. Current version: 10.0.9200.17609

Issue 2: Microsoft Word documents open as "read-only".

Solution 1: Malwarebytes did not find anything.

Solution 2: AdwCleaner failed to remove found items (under iexplorer).

Solution 3: Microsoft Security Suite did not find anything.

Below are FRST.txt and Addition.txt (in order).


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Admin (administrator) on ADMIN-THINK (25-08-2017 15:51:04)
Running from C:\Users\Brenden\Downloads
Loaded Profiles: Admin & Brenden (Available Profiles: Admin & Brenden & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SanDisk Corporation) C:\Users\Brenden\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-01-27] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-16] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-852523077-2477265811-1022050412-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-852523077-2477265811-1022050412-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3097640 2015-11-13] ()
HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\Run: [SansaDispatch] => C:\Users\Brenden\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-06-12] (SanDisk Corporation)
HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-17] (SUPERAntiSpyware)
HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\MountPoints2: {0ea37c46-8002-11e0-bc31-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\MountPoints2: {be686f73-f1c2-11e2-a4cb-b26dae839a9e} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\MountPoints2: {ce826d79-129f-11e3-89e9-b8b5458e1a08} - E:\TL_Bootstrap.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.94.8.20 10.95.16.20
Tcpip\..\Interfaces\{FCEC50F7-AE1A-46EE-9EB7-8D7D4D48211B}: [DhcpNameServer] 10.94.8.20 10.95.16.20

Internet Explorer:
==================
HKU\S-1-5-21-852523077-2477265811-1022050412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E0A52D0-D0D2-4F41-8A92-9B940AABFDFD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {92E043DF-76CE-4C86-B78D-88E718712BEA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-852523077-2477265811-1022050412-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-852523077-2477265811-1022050412-1001 -> {60414BA1-59BE-4797-9F49-BAF79A5B562D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-852523077-2477265811-1022050412-1003 -> DefaultScope {92E043DF-76CE-4C86-B78D-88E718712BEA} URL = hxxp://www.bing.com/search?FORM=LEMBDF&PC=MALC&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-852523077-2477265811-1022050412-1003 -> {92E043DF-76CE-4C86-B78D-88E718712BEA} URL = hxxp://www.bing.com/search?FORM=LEMBDF&PC=MALC&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-26] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {379A0E95-3ECE-4D63-BBEB-54D4870CEF50} hxxp://download.tygem.com/active_x/TygemBadukP.cab

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\29lkyyen.default [2017-08-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\29lkyyen.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\29lkyyen.default -> www.google.com
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-18] [not signed]
FF HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-06-11] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-06-11] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-04-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-04-18] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-852523077-2477265811-1022050412-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Brenden\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-24] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-04-18] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-04-18] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-01-27] (Cisco WebEx LLC)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-852523077-2477265811-1022050412-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-06-14] (Macrovision Europe Ltd.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-11-25] (Lenovo Group Limited) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-31] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-25 15:51 - 2017-08-25 15:55 - 000020488 _____ C:\Users\Brenden\Downloads\FRST.txt
2017-08-25 15:50 - 2017-08-25 15:51 - 000000000 ____D C:\FRST
2017-08-25 15:49 - 2017-08-25 15:49 - 002395648 _____ (Farbar) C:\Users\Brenden\Downloads\FRST64.exe
2017-08-25 14:16 - 2017-08-25 14:16 - 000001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-08-25 14:16 - 2017-08-25 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-08-25 14:16 - 2017-08-25 14:16 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-25 14:13 - 2017-08-25 14:13 - 030431008 _____ (SUPERAntiSpyware) C:\Users\Brenden\Downloads\SUPERAntiSpyware.exe
2017-08-21 13:09 - 2017-08-21 13:09 - 000012134 _____ C:\Users\Brenden\Desktop\Benign_GLA_Freq2_0817.xlsx
2017-08-21 11:00 - 2017-08-25 13:10 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-21 11:00 - 2017-08-21 11:00 - 000001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-08-21 11:00 - 2017-08-21 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-08-21 11:00 - 2017-08-21 11:00 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-08-21 11:00 - 2016-03-10 14:09 - 000064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-08-21 11:00 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-08-21 11:00 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-21 10:39 - 2017-08-21 10:39 - 022851472 _____ (Malwarebytes ) C:\Users\Brenden\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2017-08-18 15:33 - 2017-08-18 15:33 - 000123032 _____ C:\Users\Brenden\Desktop\MartinBirkhoferPressReleaseFinal.91vmg4Vb.pdf
2017-08-18 08:37 - 2017-08-18 08:37 - 000000000 ____D C:\Users\Brenden\Desktop\New folder (2)
2017-08-09 10:05 - 2017-07-29 10:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 10:05 - 2017-07-21 10:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 10:05 - 2017-07-21 10:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 10:05 - 2017-07-21 10:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 10:05 - 2017-07-21 10:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 10:05 - 2017-07-14 11:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 10:05 - 2017-07-14 11:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 10:05 - 2017-07-14 11:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 10:05 - 2017-07-14 11:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 10:05 - 2017-07-14 11:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 10:05 - 2017-07-14 11:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 10:05 - 2017-07-14 11:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 10:05 - 2017-07-14 11:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 10:05 - 2017-07-14 10:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 10:05 - 2017-07-14 10:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 10:05 - 2017-07-14 10:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 10:05 - 2017-07-14 10:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 10:05 - 2017-07-14 10:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 10:05 - 2017-07-08 11:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 10:05 - 2017-07-08 11:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 10:05 - 2017-07-07 11:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 10:05 - 2017-07-07 11:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 10:05 - 2017-07-07 11:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 10:05 - 2017-07-07 11:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 10:05 - 2017-07-07 11:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 10:05 - 2017-07-07 11:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 10:05 - 2017-07-07 11:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 10:05 - 2017-07-07 11:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 10:05 - 2017-07-07 11:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 10:05 - 2017-07-07 11:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 11:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 10:05 - 2017-07-07 11:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 10:05 - 2017-07-07 11:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 10:05 - 2017-07-07 11:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 10:05 - 2017-07-07 10:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 10:05 - 2017-07-07 10:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 10:05 - 2017-07-07 10:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 10:05 - 2017-07-07 10:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 10:05 - 2017-07-07 10:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 10:05 - 2017-07-07 10:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 10:05 - 2017-07-07 10:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 10:05 - 2017-07-07 10:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 10:05 - 2017-07-07 10:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 10:05 - 2017-07-07 10:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 10:05 - 2017-07-07 10:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 10:05 - 2017-07-07 10:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 10:05 - 2017-07-07 10:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 10:05 - 2017-07-07 10:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 10:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 10:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 10:05 - 2017-07-07 10:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 10:05 - 2017-07-01 09:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-07 11:23 - 2017-08-08 16:02 - 000000000 ____D C:\Users\Brenden\Desktop\New folder
2017-08-04 15:19 - 2017-08-16 10:36 - 000000000 ____D C:\Users\Brenden\Desktop\test_1.Data
2017-08-04 14:00 - 2017-08-04 14:09 - 000000000 ____D C:\Users\Brenden\Desktop\USMLE
2017-08-03 17:14 - 2017-08-03 17:14 - 000314921 _____ C:\Users\Brenden\Desktop\receipts.pdf
2017-08-03 13:12 - 2017-08-16 12:00 - 001847570 _____ C:\Users\Brenden\Desktop\test_1.enl
2017-08-03 11:50 - 2017-08-16 10:35 - 000000000 ____D C:\Users\Brenden\Desktop\endnote library
2017-08-03 11:26 - 2017-08-24 13:32 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 11:26 - 2017-08-24 13:32 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-03 11:26 - 2017-08-03 11:26 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-03 11:26 - 2017-08-03 11:26 - 000000986 _____ C:\Users\Public\Desktop\WinRAR.lnk
2017-08-03 11:26 - 2017-08-03 11:26 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-03 11:26 - 2017-08-03 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-03 11:25 - 2017-08-03 11:25 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-03 11:01 - 2017-08-03 11:01 - 002220560 _____ C:\Users\Brenden\Downloads\winrar-x64-55b6.exe
2017-08-03 10:53 - 2017-08-03 10:53 - 001130328 _____ (Google Inc.) C:\Users\Brenden\Downloads\ChromeSetup.exe
2017-08-03 10:27 - 2017-08-03 10:27 - 000009950 _____ C:\Users\Admin\Desktop\SecurityCheck.txt
2017-08-03 10:17 - 2017-08-03 10:17 - 000000000 ____D C:\SecurityCheck
2017-08-02 18:00 - 2017-08-02 18:00 - 000515639 _____ (glax24 (safezone.cc)) C:\Users\Brenden\Desktop\SecurityCheck.exe
2017-08-02 17:36 - 2017-08-02 17:36 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Brenden\Downloads\esetonlinescanner_enu.exe
2017-08-02 17:36 - 2017-08-02 17:36 - 000000000 ____D C:\Users\Brenden\AppData\Local\ESET
2017-08-02 17:36 - 2017-08-02 17:36 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2017-08-02 17:31 - 2017-08-02 17:36 - 000218158 _____ C:\TDSSKiller.3.1.0.15_02.08.2017_17.31.52_log.txt
2017-08-02 17:31 - 2017-08-02 17:31 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Brenden\Desktop\tdsskiller.exe
2017-08-02 16:00 - 2017-08-02 16:00 - 064025992 _____ (Malwarebytes ) C:\Users\Brenden\Downloads\mb3-setup-1878.1878-3.1.2.1733-10139.exe
2017-08-02 15:50 - 2017-08-02 15:51 - 162135728 _____ (Kaspersky Lab) C:\Users\Brenden\Downloads\kav18.0.0.405aben_es_fr_12609.exe
2017-08-02 15:50 - 2017-08-02 15:50 - 164428464 _____ (Kaspersky Lab) C:\Users\Brenden\Downloads\kis18.0.0.405aben_es_fr_12628.exe
2017-08-02 11:46 - 2017-08-02 11:46 - 000138142 _____ C:\Users\Brenden\Desktop\RJD Calendar 2017-07-31.pdf
2017-08-02 11:31 - 2017-08-17 13:46 - 000093696 _____ C:\Users\Brenden\Desktop\macrogen_test2.xls
2017-07-26 16:40 - 2017-07-26 16:40 - 000000000 ____D C:\Users\Brenden\Desktop\ICPP PResentations for B Chen
2017-07-26 10:30 - 2017-07-26 10:30 - 000000000 ____D C:\Users\Brenden\AppData\Local\TIBCO
2017-07-26 10:27 - 2017-07-26 10:27 - 000000000 ____D C:\Users\Brenden\AppData\Local\Downloaded Installations

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-25 15:53 - 2011-05-16 17:42 - 000000382 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2017-08-25 15:52 - 2009-07-14 00:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-25 15:52 - 2009-07-14 00:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-25 15:50 - 2009-07-14 01:13 - 000799906 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-25 15:50 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-25 15:46 - 2017-07-19 17:32 - 000003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-852523077-2477265811-1022050412-1003
2017-08-25 15:46 - 2017-07-19 17:32 - 000003220 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-852523077-2477265811-1022050412-1003
2017-08-25 15:42 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-25 14:13 - 2013-11-04 19:46 - 000000000 ____D C:\AdwCleaner
2017-08-25 14:07 - 2016-01-20 11:05 - 000001868 _____ C:\Users\Admin\Desktop\JRT.txt
2017-08-25 13:54 - 2009-07-14 00:45 - 002363192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-25 13:53 - 2016-09-27 13:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-25 13:53 - 2013-03-07 14:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 13:41 - 2011-06-09 03:40 - 000792520 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-08-25 13:38 - 2014-03-02 15:56 - 000000000 ____D C:\Windows\system32\MRT
2017-08-25 13:34 - 2012-07-11 13:50 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-25 13:32 - 2017-07-21 12:58 - 000003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-852523077-2477265811-1022050412-1001
2017-08-25 13:32 - 2017-03-20 10:29 - 000000000 ____D C:\Users\Admin\.rainlendar2
2017-08-25 13:32 - 2013-04-18 18:21 - 000003346 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-852523077-2477265811-1022050412-1001
2017-08-25 13:29 - 2016-11-16 08:56 - 000000000 ____D C:\Users\Brenden\AppData\LocalLow\Mozilla
2017-08-23 16:23 - 2017-07-14 13:21 - 000000000 ____D C:\Users\Brenden\Desktop\HMBS mutation paper
2017-08-21 10:32 - 2013-05-04 23:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-17 15:00 - 2016-02-09 12:20 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-17 13:43 - 2015-12-11 15:59 - 000000000 ____D C:\Users\Brenden\Desktop\Zali
2017-08-16 10:31 - 2012-07-09 11:50 - 000000000 ____D C:\Users\Brenden\Desktop\personal miscel
2017-08-14 10:11 - 2011-11-18 01:51 - 000000000 ____D C:\Users\Brenden\AppData\Local\CrashDumps
2017-08-11 12:03 - 2016-09-29 14:54 - 000094720 _____ C:\Users\Brenden\Desktop\macrogen_template.xls
2017-08-10 15:24 - 2016-02-09 12:21 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 17:20 - 2013-06-06 19:16 - 000000600 _____ C:\Users\Brenden\AppData\Roaming\winscp.rnd
2017-08-08 13:07 - 2014-04-04 12:17 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-08 13:07 - 2012-07-13 18:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 13:07 - 2012-07-13 18:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 13:07 - 2012-07-13 18:24 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-08 13:07 - 2011-05-16 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-04 14:02 - 2012-07-09 11:50 - 000000000 ____D C:\Users\Brenden\Desktop\Areas of study
2017-08-04 10:55 - 2009-07-13 22:34 - 000000478 _____ C:\Windows\win.ini
2017-08-03 13:12 - 2016-09-01 11:19 - 000000000 ____D C:\Users\Brenden\Documents\Outlook Files
2017-08-03 12:01 - 2016-03-30 12:01 - 000000000 ____D C:\Users\Public\Documents\EndNote
2017-08-03 11:26 - 2014-05-15 04:06 - 000000000 ____D C:\Program Files\WinRAR
2017-08-03 11:26 - 2012-10-07 16:03 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-03 10:25 - 2012-06-14 03:34 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-08-03 10:23 - 2015-01-14 13:25 - 000000000 ____D C:\Program Files (x86)\QuickTime
2017-08-02 15:40 - 2011-06-09 14:15 - 000000000 ____D C:\Users\Admin
2017-08-02 15:39 - 2014-05-23 04:49 - 001790024 _____ (Malwarebytes) C:\Users\Brenden\Downloads\JRT.exe
2017-07-26 13:52 - 2014-08-16 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-26 13:52 - 2013-10-26 12:29 - 000000000 ____D C:\ProgramData\Oracle
2017-07-26 13:52 - 2011-06-09 02:45 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-26 13:47 - 2015-02-05 20:44 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-07-26 13:44 - 2012-07-13 18:17 - 000738368 _____ (Oracle Corporation) C:\Users\Brenden\Downloads\jxpiinstall.exe

==================== Files in the root of some directories =======

2014-05-15 03:40 - 2013-02-18 18:46 - 004216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist_2008_sp1_x86.exe
2013-06-06 19:28 - 2014-02-14 17:50 - 000000600 _____ () C:\Users\Admin\AppData\Roaming\winscp.rnd
2013-04-21 19:15 - 2013-04-21 19:34 - 000007599 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2012-11-22 15:30 - 2012-11-22 15:30 - 000001056 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-21 12:17

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Admin (25-08-2017 15:56:04)
Running from C:\Users\Brenden\Downloads
Windows 7 Professional Service Pack 1 (X64) (2011-06-09 18:15:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-852523077-2477265811-1022050412-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-852523077-2477265811-1022050412-500 - Administrator - Disabled)
Brenden (S-1-5-21-852523077-2477265811-1022050412-1003 - Limited - Enabled) => C:\Users\Brenden
Guest (S-1-5-21-852523077-2477265811-1022050412-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-852523077-2477265811-1022050412-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Agilent Genomic Workbench 7.0.4.0 (HKLM\...\Agilent Genomic Workbench 7.0.4.0) (Version: 7.0.4.0 - Agilent Technologies, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.5.86.4889 - Catalina Group Ltd)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
calibre (HKLM-x32\...\{8D8C1516-D6D5-41F1-B98B-DCCCF17F8ED2}) (Version: 1.36.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
cgoban (HKLM\...\{org.igoweb.cgoban}}_is1) (Version: 1.0 - Unknown)
CGoban 3-NFA (HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\CGoban 3-NFA) (Version:  - KGS Online)
Chromas version 2.6 (HKLM\...\{B6EF9938-F178-44C7-8B7A-AD29D4AAFF1F}_is1) (Version: 2.6 - Technelysium Pty Ltd)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-852523077-2477265811-1022050412-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Conexant 20671 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.14.51 - Conexant)
CopyCaller v2.0 (HKU\S-1-5-21-852523077-2477265811-1022050412-1001\...\CopyCaller v2.0) (Version: 2.0.0.0 - Applied Biosystems)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Cyberduck 14140 (4.4.3) (HKLM-x32\...\Cyberduck) (Version: 14140 (4.4.3) - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
DiskCheckup v3.2 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.2.1000 - PassMark Software)
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.3+4.9 - DjVuZone)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.7.1.10036 - Thomson Reuters)
Expression Console v1.3.1 (HKLM\...\{762ED8AF-9DEA-4801-8EAC-FBCF8BF308C4}) (Version: 1.3.1 - Affymetrix) Hidden
Expression Console v1.3.1 (HKLM-x32\...\InstallShield_{762ED8AF-9DEA-4801-8EAC-FBCF8BF308C4}) (Version: 1.3.1 - Affymetrix)
Expression2Kinases 1.6-SNAPSHOT (HKLM-x32\...\Expression2Kinases 1.6-SNAPSHOT) (Version: 1.6-SNAPSHOT - )
External Tools Installer (HKLM-x32\...\{740249D6-DC4B-493C-8207-AC7115F9BC55}) (Version: 3.2.0000 - Gene Codes Corporation)
FileAlyzer 2 (HKLM-x32\...\{29D3773E-54F4-23C2-D523-236A4453B845}_is1) (Version: 2.0.5.57 - Safer Networking Limited)
FileMaker Pro 13 (HKLM-x32\...\{6CF0F13C-469E-4979-A577-3DA3563EEC27}) (Version: 13.0.3.0 - FileMaker, Inc.) Hidden
FileMaker Pro 13 (HKLM-x32\...\{6CF0F13C-469E-4979-A577-3DA3563EEC27}_FileMaker) (Version: 13.0.3.0 - FileMaker, Inc.)
FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project)
foobar2000 v0.9.6.9 (HKLM-x32\...\foobar2000) (Version: 0.9.6.9 - Peter Pawlowski)
GnuWin32: Tiff-3.8.2-1 (HKLM-x32\...\Tiff-3.8.2-1_is1) (Version: 3.8.2-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoPanda (HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\GoPanda) (Version:  - PandaNet Inc.)
iDailyDiary 3.85 (HKLM-x32\...\iDailyDiary_is1) (Version:  - Splinterware Software Solutions)
ImageJ 1.47t (HKLM-x32\...\ImageJ_is1) (Version:  - NIH)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kits Configuration Installer (HKLM-x32\...\{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}) (Version: 8.59.25584 - Microsoft) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.20 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.35 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Macrium Reflect Free Edition (HKLM\...\{911949A6-66E6-4C52-8264-CEA4DF6A5A83}) (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB® Compiler Runtime 7.14 (HKLM-x32\...\{C378CC29-6633-4814-8EB8-5EE308452800}) (Version: 7.14 - The MathWorks)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiKTeX 2.9 (HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 55.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.2 (x86 en-US)) (Version: 55.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.2.6435 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NTREGOPT 1.1j (HKLM-x32\...\NTREGOPT_is1) (Version:  - Lars Hederer)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.23.00 - )
Padre on Strawberry Perl version 0.05 (HKLM-x32\...\Strawberry_Perl_with_Cream_is1) (Version: 0.05 - )
PANDA-glGo (HKLM-x32\...\glGo) (Version: 1.4 - PANDANET Inc.)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
R for Windows 2.15.1 (HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
RapidBoot (HKLM-x32\...\{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo) Hidden
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RealDownloader (HKLM-x32\...\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}) (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.35.1206.2010 - Realtek)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sansa Updater (HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Sequencher 5.1 Demo (HKLM-x32\...\{409D587F-F603-44E2-9990-B505CD52E25F}) (Version: 5.1 - Gene Codes Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SignalMap (HKLM-x32\...\SignalMap) (Version: 1.9.0.5 - Roche)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Step1MCQ (HKLM-x32\...\{717C185B-3827-4AE9-A68A-5ADDA85D28FC}) (Version: 1.00.000 - )
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0039 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.5 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.00 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.03 - Lenovo)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04-rev266 - Ubuntu)
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
Windows Driver Frameworks Update Packages (HKLM-x32\...\{42267A4D-9BDD-4B06-9FB7-2A7D7D5D6D6F}) (Version: 8.0.0.0 - Microsoft)
Windows Driver Kit (HKLM-x32\...\{b30a945f-0808-4e62-adc1-827f8fbd259e}) (Version: 8.59.29757 - Microsoft Corporation)
Windows Driver Package - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Realtek (RTL8167) Net  (12/06/2010 7.035.1206.2010) (HKLM\...\22AF3CC91FBC5231DD5CB8903F03E2AF3E97ADDF) (Version: 12/06/2010 7.035.1206.2010 - Realtek)
Windows Driver Package - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 5.50 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.6 - win.rar GmbH)
WinSCP 5.1.5 (HKLM-x32\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-852523077-2477265811-1022050412-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brenden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brenden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brenden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Users\Brenden\Desktop\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-02] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-02] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-852523077-2477265811-1022050412-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-852523077-2477265811-1022050412-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-852523077-2477265811-1022050412-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11F623F0-FA2E-4CD5-AC1A-B1628B2D9661} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-852523077-2477265811-1022050412-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {3DE0EF36-D117-429A-80D3-9A4ACE74F702} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-09] ()
Task: {4618C8B7-CAD2-4F10-953D-5B52910DAFDE} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {461AFB15-E5F1-4511-954C-3B3E4F32C040} - System32\Tasks\{5EA3DB27-C59E-43DC-BF44-822C9C636295} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Agilent\Agilent Genomic Workbench 7.0.4.0\Agilent Genomic Workbench 7.0.4.0.exe" -d "C:\Program Files\Agilent\Agilent Genomic Workbench 7.0.4.0\"
Task: {47E27528-5238-4E1E-B113-B331CD4C264D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-852523077-2477265811-1022050412-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {55D93B8F-E665-4FB8-B3AC-88DD54866881} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-03] (Google Inc.)
Task: {5BA35272-F84C-4BF3-8A0D-04FFF71CC099} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-852523077-2477265811-1022050412-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {7478B3A6-9E65-4AB1-A65D-5589775E4516} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-09] (PC-Doctor, Inc.)
Task: {7AF89C33-BD1E-40C6-BB12-7A40B7025941} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) <==== ATTENTION
Task: {83992CCD-8498-4140-8861-05CEB39B4543} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {A5AAF2E7-7513-4B60-94EC-F00FB62A9523} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-03] (Google Inc.)
Task: {B997E88B-47ED-40C0-918B-8763D61FD0E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {CA021FEF-F8AF-412B-89D2-41E7846621C1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-852523077-2477265811-1022050412-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {D4B2EE18-98D6-4EA1-9404-2736CEC18565} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-852523077-2477265811-1022050412-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {DB5858BA-AFC2-43AB-91BD-FF3AE56B888D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {E66AA284-04DF-4153-AA3B-5629CCDE5238} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {EBFF91B4-C94E-4939-B0ED-8D82FCC53F54} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-852523077-2477265811-1022050412-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {F2C0F1C3-7FA2-41F5-AB2F-72C0BCEA87F3} - System32\Tasks\{97D26C4F-7B6B-4B76-BE2D-196B47E0AE6B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" -d "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader"
Task: {FD392DE7-7EC1-4A0A-B521-48D6CF7A717B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-852523077-2477265811-1022050412-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {FFE2277E-4CB9-4EAE-9F19-64BD4667BCC1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-852523077-2477265811-1022050412-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Admin\Desktop\CopyCaller v2.0.lnk -> C:\Applied Biosystems\CopyCaller v2.0\CopyCaller.bat ()

==================== Loaded Modules (Whitelisted) ==============

2010-06-06 10:20 - 2010-06-06 10:20 - 000065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 000039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-03 17:36 - 2016-04-14 06:08 - 000107008 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-05-12 05:49 - 2014-05-12 05:49 - 000222720 _____ () C:\Users\Brenden\Desktop\Notepad++\NppShell_06.dll
2011-05-16 17:15 - 2011-03-24 06:48 - 000057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-05-16 17:27 - 2010-10-26 15:40 - 000049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-05-16 17:31 - 2011-03-30 19:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-05-28 01:09 - 2009-05-28 01:09 - 000049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-05-16 17:35 - 2010-04-06 12:05 - 002085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-05-16 17:35 - 2010-04-06 12:04 - 002201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



IE trusted site: HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\hgmd.org -> hxxps://www.hgmd.org


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-05-30 12:11 - 000000747 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-852523077-2477265811-1022050412-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-852523077-2477265811-1022050412-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Brenden\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.94.8.20 - 10.95.16.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{AE8C7F45-5B65-4F6B-A078-AC7973CBFCBA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{56334AA1-83F3-4E6C-A2AC-00EB5D93C28F}] => (Allow) LPort=2869
FirewallRules: [{B32B484B-8157-49CA-B1FE-D68FFCCF675C}] => (Allow) LPort=1900
FirewallRules: [{8DA27637-2445-4AEC-9C9A-6D0DFD6FABFE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1A1DE2D5-0AC9-41FD-9E71-976BFFEEA12E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{582BF6EF-7C0C-4BD6-964B-123AA06CB73D}] => (Allow) C:\Users\Brenden\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4490EA2C-E745-4D31-8E91-FB85609F5729}] => (Allow) C:\Users\Brenden\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{454E201D-138D-4E7E-A84B-33643AC271FB}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{1798E67E-114C-4901-8126-1F0E1BCC9A89}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{627B1F55-DBC8-4AFE-BA56-1F528C973C9C}C:\users\brenden\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brenden\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{1888A46B-99F3-4EE3-8287-9E3CF17C13EC}C:\users\brenden\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brenden\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{D4CC8003-A098-4CF3-86EF-C9036DB94CD2}] => (Block) C:\users\brenden\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{30CAC06E-5F1C-4BD8-B857-733542EDB505}] => (Block) C:\users\brenden\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{70AFA74E-005B-41C3-AAA3-8F3F4A2D6606}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1D8FFF6F-2B6B-4895-9E70-25D0420DB7EF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{5458F0BA-D6A8-4CCD-BDE1-3D792038B916}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{DA9E745C-2DF8-47A4-AA66-7FA77C4EA655}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{064DD231-6464-437D-A520-42DD39398714}C:\users\brenden\desktop\counter-strike 1.6\hl.exe] => (Block) C:\users\brenden\desktop\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{38B10544-54BD-429E-80CE-9354EF8AD3C0}C:\users\brenden\desktop\counter-strike 1.6\hl.exe] => (Block) C:\users\brenden\desktop\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{5680C0AE-B354-4F8D-AE66-EA270D8799AA}C:\users\brenden\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\brenden\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8A2F3837-8ED0-48EC-94BA-581D09423DCB}C:\users\brenden\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\brenden\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E39211E9-4DEE-46C1-80BD-111585ABF31F}C:\program files (x86)\imagej\imagej.exe] => (Allow) C:\program files (x86)\imagej\imagej.exe
FirewallRules: [UDP Query User{AC64C0E0-9D28-4C55-858E-64256A14C086}C:\program files (x86)\imagej\imagej.exe] => (Allow) C:\program files (x86)\imagej\imagej.exe
FirewallRules: [{DD2881CB-9044-4956-99EB-786C3CE861FE}] => (Block) C:\program files (x86)\imagej\imagej.exe
FirewallRules: [{27ED9A8A-92B5-49DF-A687-CEBCE1B98803}] => (Block) C:\program files (x86)\imagej\imagej.exe
FirewallRules: [{5089B36F-63F7-4BD6-9949-2B3D02ACECE3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{1D7186AE-4045-4748-8D12-6F6FC6A5C1AA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{72065031-1BF3-4F91-B949-0DE7443A32EA}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{37E3F20F-DE20-4516-B208-CC46191BDD72}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
FirewallRules: [{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9B15F693-7BE6-4C83-ACC0-C481A95321E0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
FirewallRules: [{9CD09840-B549-4F75-9EEB-6BE3B543DAE8}] => (Allow) C:\Program Files\ma-config.com\x64\maconfservice.exe
FirewallRules: [{7B0CA09B-E132-4AA1-8B28-59AA97CB5C57}] => (Allow) C:\Program Files\ma-config.com\x64\maconfservice.exe
FirewallRules: [{DDBDFF88-AB5D-48C8-97E3-C62C37C73A65}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{098976E5-15FD-484D-A487-16CB85708525}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
FirewallRules: [UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
FirewallRules: [{204A6AA5-9247-4962-B215-AE31E13E695F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}] => (Block) C:\program files\hexchat\hexchat.exe
FirewallRules: [{4DA3135C-FE3A-4327-9163-37CEA0209ED3}] => (Block) C:\program files\hexchat\hexchat.exe
FirewallRules: [{573B896D-020E-4BA1-8A7D-2B00FEF657AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71208DBF-9134-4B04-AA07-9AC6811AFF25}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{B85935D6-B4DF-4C96-BCF0-61C70E752572}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Block) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [UDP Query User{1BF086B1-6937-4B70-8E0C-0039BEC166F3}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Block) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [{A9F74A4B-D62E-4EBA-BF82-BECF5CB16357}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E5A586A-2161-4ED0-B398-099F2F3B70FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{852DDACE-F382-429F-B738-D550A5DA4160}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{041BB119-FEEE-464A-86B5-0D20F4231B7F}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{4461E257-2CE4-41B1-9A93-0C9CA8A39E64}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{0989ECC7-8637-4A37-86A8-0D786DA26052}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{950A554A-E652-4485-899C-E249CB203345}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{968400F7-46A9-4C65-889B-FD124DF1EBAD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A38B6E13-9E41-4791-B79F-D1D1802CACAE}C:\users\brenden\desktop\sds2.4\jre\bin\java.exe] => (Allow) C:\users\brenden\desktop\sds2.4\jre\bin\java.exe
FirewallRules: [UDP Query User{358410F0-0948-4166-8167-DF5CE73D31C7}C:\users\brenden\desktop\sds2.4\jre\bin\java.exe] => (Allow) C:\users\brenden\desktop\sds2.4\jre\bin\java.exe
FirewallRules: [{80D48E79-3FCE-4013-BBB5-532C17C7EDD3}] => (Block) C:\users\brenden\desktop\sds2.4\jre\bin\java.exe
FirewallRules: [{38B2C3ED-B961-4307-A517-5C36647229DB}] => (Block) C:\users\brenden\desktop\sds2.4\jre\bin\java.exe
FirewallRules: [TCP Query User{3E132C1A-0FF9-4837-A733-4A6B6C96A90E}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{58CD7F20-CCC3-4AE5-A898-19598D6E0BAA}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{BDDC1C91-46EA-4E5C-BE99-2C73EA3E6F34}] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [{A3F1F700-8A00-4DB7-A650-36BB24C08937}] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [{2C219096-E0CD-49D2-9D8B-09A0631BC803}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{739EA340-60AD-4262-AA8A-DB2218D9EE47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36743A48-772F-483D-AD59-E17E74305C3C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{25498F58-831B-433D-8629-BB44BBF1363F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{DBAF2BA0-196A-49EB-8761-FDBE248672CF}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{9FD3E0B5-79A9-4A71-8FD7-9A8CBE0A4B52}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [TCP Query User{CF00A8D6-CCCC-4F55-B6C5-A4B0AA96C736}C:\users\brenden\desktop\igv_2.3.68_jre\jre1.8.0_72\bin\javaw.exe] => (Block) C:\users\brenden\desktop\igv_2.3.68_jre\jre1.8.0_72\bin\javaw.exe
FirewallRules: [UDP Query User{3FCBC51D-D5F2-4A33-9038-8F0AF34CAAE8}C:\users\brenden\desktop\igv_2.3.68_jre\jre1.8.0_72\bin\javaw.exe] => (Block) C:\users\brenden\desktop\igv_2.3.68_jre\jre1.8.0_72\bin\javaw.exe
FirewallRules: [{743E63F0-0411-45FA-94FA-234E697FFF29}] => (Allow) C:\Users\Admin\AppData\Local\temp\7zS63D6.tmp\SymNRT.exe
FirewallRules: [{7F8F4719-DE92-4822-8ABC-F9E7984D2504}] => (Allow) C:\Users\Admin\AppData\Local\temp\7zS63D6.tmp\SymNRT.exe
FirewallRules: [TCP Query User{F4581529-E156-4912-8526-DF219A9FBEB6}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [UDP Query User{924286D8-6022-4867-B471-6BCA794E4FD1}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [{04C6D767-99B5-4A71-B5A8-8CE64D030DF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-08-2017 10:56:38 Windows Update
25-08-2017 13:00:12 Windows Update
25-08-2017 13:33:06 Windows Update

==================== Faulty Device Manager Devices =============

Name: 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
Description: 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corp.
Service: RTL8192Ce
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2017 03:43:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/25/2017 02:10:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/25/2017 02:06:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Admin\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (08/25/2017 02:04:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/25/2017 01:54:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/25/2017 01:18:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/25/2017 01:00:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslc8f30b4b.

System Error:
The system cannot find the file specified.
.

Error: (08/25/2017 08:53:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\users\brenden\documents\r\r-2.15.1\tcl\bin64\tk85.dll".Error in manifest or policy file "c:\users\brenden\documents\r\r-2.15.1\tcl\bin64\tk85.dll" on line 9.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (08/24/2017 02:30:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (08/24/2017 08:15:29 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\users\brenden\documents\r\r-2.15.1\tcl\bin64\tk85.dll".Error in manifest or policy file "c:\users\brenden\documents\r\r-2.15.1\tcl\bin64\tk85.dll" on line 9.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (08/25/2017 03:44:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (08/25/2017 03:36:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/25/2017 03:36:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/25/2017 03:36:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/25/2017 03:34:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/25/2017 03:34:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/25/2017 03:34:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/25/2017 03:29:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/25/2017 03:29:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/25/2017 03:29:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2014-05-23 01:17:42.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix_52314\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-23 01:17:42.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix_52314\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 17:37:16.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 17:37:16.176
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 17:37:15.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 17:37:15.662
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-04 20:35:37.131
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-04 20:35:36.944
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-22 14:31:17.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-11-22 14:31:16.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 4007.23 MB
Available physical RAM: 1877.57 MB
Total Virtual: 8012.65 MB
Available Virtual: 5818.59 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:35.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: BFE9F3ED)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by hamluis, 25 August 2017 - 05:27 PM.
Moved from AII to MRL - Hamluis.


 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,651 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:03:01 PM

Posted 26 August 2017 - 12:02 PM

seraphin:

 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
Please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

Posted 26 August 2017 - 01:30 PM

seraphin:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Are you familiar with tygem.com? I see an entry in the FRST log. It appears to be a game, from my research.

.

:step2: The FRST logs reveal that you have Java installed on your computer. Java has a long history of security vulnerabilities. Unless you need it, I would recommend that you uninstall the program.

I uninstalled Java from my two computers over two years ago, and I have never missed it. Some older games do require Java, but most computer users don't need it, so they are just taking an unnecessary chance of their computer being infected.

Please see this link for more information; or, "google" "Java security vulnerabilities."

Please let me know what you decide to do: keep it or uninstall it. It is your computer, so it is your decision.

.

:step3: The "Addition.txt" file log shows evidence that ComboFix was run, at some time, on this computer. Running ComboFix, if you are not qualified in its use, is not recommended. Please see this link for more information.

Is ComboFix still on your computer? It is causing system errors so we need to get rid of the remnants.

.

:step4: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-852523077-2477265811-1022050412-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-852523077-2477265811-1022050412-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
VirusTotal: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
2017-08-03 10:23 - 2015-01-14 13:25 - 000000000 ____D C:\Program Files (x86)\QuickTime
CustomCLSID: HKU\S-1-5-21-852523077-2477265811-1022050412-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brenden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brenden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brenden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1_S-1-5-21-852523077-2477265811-1022050412-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-852523077-2477265811-1022050412-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-852523077-2477265811-1022050412-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Task: {F2C0F1C3-7FA2-41F5-AB2F-72C0BCEA87F3} - System32\Tasks\{97D26C4F-7B6B-4B76-BE2D-196B47E0AE6B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" -d "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader"
C:\Program Files\Common Files\Bitdefender
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press the Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,651 posts
  • ONLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:03:01 PM

Posted 29 August 2017 - 12:46 PM

seraphin:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,651 posts
  • ONLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:03:01 PM

Posted 31 August 2017 - 10:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Member of the Unified Network of Instructors and Trusted Eliminators




