MSE states preliminary scan results might have infection but nothing found.


  • This topic is locked
28 replies to this topic

#1 naughtycomputer

Posted 26 August 2017 - 03:46 PM

I do not have any symptoms but MSE indicates a possible PUP when it scans svchost but shows nothing in the log when finished. I have run the Windows Defender offline scan and nothing is found.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Bob's-Fast (administrator) on BOBS-FAST-PC (26-08-2017 13:13:49)
Running from C:\Users\Bob's-Fast\Desktop
Loaded Profiles: Bob's-Fast (Available Profiles: Bob's-Fast)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(DeviceVM) C:\ASUS.SYS\CONFIG\DVMExportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Akamai Technologies, Inc.) C:\Users\Bob's-Fast\AppData\Local\Akamai\netsession_win.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Akamai Technologies, Inc.) C:\Users\Bob's-Fast\AppData\Local\Akamai\netsession_win.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\Rack2\RKiwrtK.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_26_0_0_151_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\wiawow64.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launchpad] => C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [TurboV] => C:\Program Files (x86)\ASUS\TurboV\TurboV.exe [5655680 2010-07-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Rkiwrtk] => C:\Program Files (x86)\PFU\Rack2\RKiwrtK.exe [66952 2011-03-22] (PFU LIMITED)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-07-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77216 2017-06-11] (Intuit Inc.)
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Bob's-Fast\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\MountPoints2: {001ef9e9-46f2-11e2-ac17-20cf3058c58d} - N:\unlock.exe autoplay=true
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\MountPoints2: {008e9dfe-7371-11e0-8b2d-806e6f6e6963} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\MountPoints2: {6795c94c-21a6-11e0-8c37-806e6f6e6963} - F:\.\Bin\Assetup.exe
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\MountPoints2: {99a7b94f-21b2-11e0-a256-20cf3058c58d} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\MountPoints2: {cbc956d7-98ff-11e2-b531-20cf3058c58d} - "G:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [2013-01-31]
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2014-04-16]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2011-06-25]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2014-04-16]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Bob's-Fast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2011-10-22]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{14781555-64CC-43D1-A1BE-850344B90E60}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AB6B38BA-E8F2-4C38-925A-10B44E278D8D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.aol.com/webmail-std/en-us/suite
SearchScopes: HKU\S-1-5-21-1091884102-4215430148-1950788253-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1091884102-4215430148-1950788253-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-08-08]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-07-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 MDES; C:\ASUS.SYS\CONFIG\DVMExportService.exe [319488 2009-03-24] (DeviceVM) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41568 2012-11-02] (Microsoft Corporation)
R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-20] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2015-07-15] (Advanced Micro Devices) [File not signed]
R3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [2423688 2016-08-03] (Hauppauge Computer Works, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl631bca22; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92C5921F-A028-46C3-906E-BC828CF1E54F}\MpKsl631bca22.sys [44928 2017-08-26] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S4 StarPort; C:\Windows\System32\DRIVERS\StarPort.sys [267608 2010-09-09] (StarWind Software)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-08-03] (Acronis)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-26 13:13 - 2017-08-26 13:14 - 000021102 _____ C:\Users\Bob's-Fast\Desktop\FRST.txt
2017-08-26 13:13 - 2017-08-26 13:13 - 000000000 ____D C:\FRST
2017-08-26 12:18 - 2017-08-26 12:18 - 002395648 _____ (Farbar) C:\Users\Bob's-Fast\Desktop\FRST64.exe
2017-08-18 19:13 - 2017-08-18 19:13 - 000002002 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2017-08-18 19:13 - 2017-08-18 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2017-08-18 19:13 - 2017-08-18 19:13 - 000000000 ____D C:\Program Files\Microsoft LifeCam
2017-08-18 19:13 - 2017-08-18 19:13 - 000000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2017-08-14 07:13 - 2017-08-26 13:13 - 130285568 _____ C:\Windows\system32\config\SOFTWARE
2017-08-13 19:54 - 2017-08-13 19:54 - 000000000 ____D C:\Windows\Microsoft Antimalware
2017-08-10 14:02 - 2017-08-10 14:02 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-10 14:02 - 2017-07-18 15:38 - 000135800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-08-10 14:02 - 2017-03-10 14:17 - 000536864 _____ C:\Windows\system32\vulkan-1.dll
2017-08-10 14:02 - 2017-03-10 14:17 - 000525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-08-10 14:02 - 2017-03-10 14:17 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-08-10 14:02 - 2017-03-10 14:17 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-08-08 11:15 - 2017-07-29 07:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-08 11:15 - 2017-07-21 07:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-08 11:15 - 2017-07-21 07:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-08 11:15 - 2017-07-21 07:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-08 11:15 - 2017-07-21 07:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-08 11:15 - 2017-07-15 11:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-08 11:15 - 2017-07-15 10:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-08 11:15 - 2017-07-14 08:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-08 11:15 - 2017-07-14 08:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-08 11:15 - 2017-07-14 08:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-08 11:15 - 2017-07-14 08:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-08 11:15 - 2017-07-14 08:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-08 11:15 - 2017-07-14 08:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-08 11:15 - 2017-07-14 08:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-08 11:15 - 2017-07-14 08:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-08 11:15 - 2017-07-14 07:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-08 11:15 - 2017-07-14 07:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-08 11:15 - 2017-07-14 07:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-08 11:15 - 2017-07-14 07:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-08 11:15 - 2017-07-14 07:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-08 11:15 - 2017-07-14 00:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-08 11:15 - 2017-07-14 00:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-08 11:15 - 2017-07-13 23:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-08 11:15 - 2017-07-13 23:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-08 11:15 - 2017-07-13 23:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-08 11:15 - 2017-07-13 23:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-08 11:15 - 2017-07-13 23:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-08 11:15 - 2017-07-13 23:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-08 11:15 - 2017-07-13 23:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-08 11:15 - 2017-07-13 23:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-08 11:15 - 2017-07-13 23:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-08 11:15 - 2017-07-13 23:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-08 11:15 - 2017-07-13 23:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-08 11:15 - 2017-07-13 23:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-08 11:15 - 2017-07-13 23:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-08 11:15 - 2017-07-13 23:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-08 11:15 - 2017-07-13 23:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-08 11:15 - 2017-07-13 23:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-08 11:15 - 2017-07-13 22:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-08 11:15 - 2017-07-13 22:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-08 11:15 - 2017-07-13 22:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-08 11:15 - 2017-07-13 22:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-08 11:15 - 2017-07-13 22:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-08 11:15 - 2017-07-13 22:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-08 11:15 - 2017-07-13 22:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-08 11:15 - 2017-07-13 22:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-08 11:15 - 2017-07-13 22:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-08 11:15 - 2017-07-13 22:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-08 11:15 - 2017-07-13 22:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-08 11:15 - 2017-07-13 22:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-08 11:15 - 2017-07-13 22:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-08 11:15 - 2017-07-13 21:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-08 11:15 - 2017-07-13 21:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-08 11:15 - 2017-07-13 21:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-08 11:15 - 2017-07-13 20:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-08 11:15 - 2017-07-13 20:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-08 11:15 - 2017-07-13 19:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-08 11:15 - 2017-07-13 19:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-08 11:15 - 2017-07-13 19:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-08 11:15 - 2017-07-13 19:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-08 11:15 - 2017-07-13 19:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-08 11:15 - 2017-07-13 19:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-08 11:15 - 2017-07-13 19:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-08 11:15 - 2017-07-13 19:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-08 11:15 - 2017-07-13 19:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-08 11:15 - 2017-07-13 19:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-08 11:15 - 2017-07-13 19:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-08 11:15 - 2017-07-13 19:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-08 11:15 - 2017-07-13 19:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-08 11:15 - 2017-07-13 19:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-08 11:15 - 2017-07-13 19:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-08 11:15 - 2017-07-13 19:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-08 11:15 - 2017-07-13 19:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-08 11:15 - 2017-07-13 19:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-08 11:15 - 2017-07-13 19:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-08 11:15 - 2017-07-13 19:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-08 11:15 - 2017-07-13 19:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-08 11:15 - 2017-07-13 19:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-08 11:15 - 2017-07-13 19:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-08 11:15 - 2017-07-13 19:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-08 11:15 - 2017-07-13 19:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-08 11:15 - 2017-07-13 19:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-08 11:15 - 2017-07-13 19:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-08 11:15 - 2017-07-13 18:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-08 11:15 - 2017-07-13 18:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-08 11:15 - 2017-07-13 18:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-08 11:15 - 2017-07-08 08:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-08 11:15 - 2017-07-08 08:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-08 11:15 - 2017-07-07 08:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-08 11:15 - 2017-07-07 08:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-08 11:15 - 2017-07-07 08:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-08 11:15 - 2017-07-07 08:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-08 11:15 - 2017-07-07 08:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-08 11:15 - 2017-07-07 08:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-08 11:15 - 2017-07-07 08:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-08 11:15 - 2017-07-07 08:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-08 11:15 - 2017-07-07 08:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-08 11:15 - 2017-07-07 08:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 08:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-08 11:15 - 2017-07-07 08:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-08 11:15 - 2017-07-07 08:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-08 11:15 - 2017-07-07 08:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-08 11:15 - 2017-07-07 07:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-08 11:15 - 2017-07-07 07:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-08 11:15 - 2017-07-07 07:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-08 11:15 - 2017-07-07 07:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-08 11:15 - 2017-07-07 07:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-08 11:15 - 2017-07-07 07:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-08 11:15 - 2017-07-07 07:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-08 11:15 - 2017-07-07 07:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-08 11:15 - 2017-07-07 07:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-08 11:15 - 2017-07-07 07:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-08 11:15 - 2017-07-07 07:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-08 11:15 - 2017-07-07 07:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-08 11:15 - 2017-07-07 07:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-08 11:15 - 2017-07-07 07:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 07:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 07:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-08 11:15 - 2017-07-07 07:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-08 11:15 - 2017-07-01 06:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-06 10:47 - 2017-08-06 10:47 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-08-06 10:47 - 2017-08-06 10:47 - 000000000 ____D C:\Program Files\Microsoft Security Client
2017-08-06 10:47 - 2017-08-06 10:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-08-03 16:00 - 2017-08-03 16:00 - 035811960 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 028936824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 015491192 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-08-03 16:00 - 2017-08-03 16:00 - 001996920 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438494.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 001624152 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 001606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438494.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 001076344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 001013880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 000981624 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 000932984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 000618616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 000508024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-08-03 16:00 - 2017-08-03 16:00 - 000227416 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-08-03 16:00 - 2017-08-03 16:00 - 000054680 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-08-03 15:59 - 2017-08-03 15:59 - 040248440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-08-03 15:59 - 2017-08-03 15:59 - 035323000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-08-03 15:59 - 2017-08-03 15:59 - 003812464 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-08-03 15:59 - 2017-08-03 15:59 - 003367872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 017972696 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 014826992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 013783968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 012569384 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 012248048 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 011701688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 010588432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 010079120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000704936 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000592032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000526288 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000442600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000419520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000181792 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000164472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000159416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-08-03 15:58 - 2017-08-03 15:58 - 000142152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-08-03 11:45 - 2017-08-03 11:45 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-08-03 11:45 - 2017-08-03 11:45 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-08-01 21:18 - 2017-08-01 21:18 - 000000000 ____D C:\Users\Bob's-Fast\AppData\Local\{C9395DCD-67BB-4297-8B13-0B52103BADDF}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-26 11:48 - 2011-08-08 22:54 - 000002284 ____H C:\Users\Bob's-Fast\Documents\Default.rdp
2017-08-26 09:36 - 2009-07-13 21:45 - 000026368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-26 09:36 - 2009-07-13 21:45 - 000026368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-26 09:35 - 2010-12-29 19:45 - 000000177 ____H C:\dvmexp.idx
2017-08-26 09:30 - 2009-07-13 22:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-26 09:30 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-08-26 09:25 - 2016-02-21 20:39 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-26 09:25 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-25 17:56 - 2010-12-29 19:45 - 000000038 _____ C:\dvmaccounts.ini
2017-08-18 18:33 - 2011-11-21 14:28 - 000036864 _____ C:\Users\Bob's-Fast\Desktop\PasswordFile.xlsx
2017-08-17 09:35 - 2011-01-16 14:10 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-08-14 11:33 - 2012-12-18 22:23 - 000000000 ____D C:\Users\Bob's-Fast\Documents\Outlook Files
2017-08-12 17:35 - 2013-01-30 19:09 - 000000000 ____D C:\Windows\pss
2017-08-12 09:44 - 2016-02-21 20:30 - 000000000 ____D C:\Users\Bob's-Fast\AppData\Local\NVIDIA Corporation
2017-08-12 09:44 - 2016-02-21 20:30 - 000000000 ____D C:\Users\Bob's-Fast\AppData\Local\NVIDIA
2017-08-12 09:44 - 2016-02-21 20:30 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-12 09:44 - 2016-02-21 20:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-12 09:44 - 2016-02-21 20:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-12 09:43 - 2016-10-06 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-11 18:57 - 2011-01-17 06:52 - 000007624 _____ C:\Users\Bob's-Fast\AppData\Local\resmon.resmoncfg
2017-08-11 17:17 - 2011-06-09 23:03 - 000000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-08-10 14:02 - 2010-12-29 19:43 - 000000000 ___HD C:\temp
2017-08-10 09:14 - 2009-07-13 21:45 - 000409520 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-08 13:20 - 2011-08-08 22:25 - 000774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-08-08 13:19 - 2013-09-05 11:06 - 000000000 ____D C:\Windows\system32\MRT
2017-08-08 13:17 - 2011-01-16 17:23 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-08 11:33 - 2014-11-19 11:13 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-08 11:33 - 2014-11-10 11:22 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 11:33 - 2014-11-10 11:22 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 11:33 - 2011-12-25 23:58 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-08 11:33 - 2011-01-16 13:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-08 11:22 - 2014-12-05 14:20 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2017-08-08 11:22 - 2014-12-05 14:20 - 000002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2017-08-08 11:22 - 2014-12-05 14:20 - 000002022 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2017-08-06 10:47 - 2011-08-21 07:17 - 000001945 _____ C:\Windows\epplauncher.mif
2017-08-04 12:57 - 2014-12-26 12:47 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-03 15:59 - 2017-05-09 16:20 - 018876472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-08-03 15:59 - 2016-11-30 15:57 - 000504752 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-08-03 15:59 - 2016-02-21 20:38 - 021599984 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-08-03 15:57 - 2016-10-06 19:55 - 003733008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-08-03 15:57 - 2016-02-21 20:38 - 004232816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-08-03 11:45 - 2016-02-21 20:38 - 000044200 _____ C:\Windows\system32\nvinfo.pb
2017-08-01 17:18 - 2014-12-19 11:19 - 000000000 ____D C:\Program Files (x86)\Quicken
2017-08-01 16:27 - 2011-10-09 20:06 - 000000000 ____D C:\Program Files (x86)\Windows Live
2017-08-01 12:36 - 2013-12-24 20:12 - 000000000 ____D C:\ProgramData\Oracle
2017-08-01 12:34 - 2016-10-06 19:45 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-01 12:34 - 2016-10-06 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-01 12:34 - 2016-10-06 19:45 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-30 07:57 - 2014-01-28 07:59 - 000000000 ____D C:\Users\Bob's-Fast\AppData\Roaming\Skype
2017-07-28 05:01 - 2009-07-13 19:34 - 000000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2016-12-01 13:59 - 2016-11-30 13:02 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2012-09-03 09:49 - 2016-08-25 09:34 - 000000000 _____ () C:\Users\Bob's-Fast\AppData\Roaming\Standard
2012-09-03 09:49 - 2016-08-25 09:34 - 000000000 _____ () C:\Users\Bob's-Fast\AppData\Roaming\Standard Tool
2012-09-03 09:49 - 2016-08-25 09:34 - 000000000 _____ () C:\Users\Bob's-Fast\AppData\Roaming\StartupItems
2012-09-03 09:48 - 2016-08-25 09:34 - 000000000 _____ () C:\Users\Bob's-Fast\AppData\Roaming\Synth Basics
2011-01-25 21:48 - 2013-10-27 09:52 - 000096256 _____ () C:\Users\Bob's-Fast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-22 17:49 - 2017-02-22 17:49 - 000002398 _____ () C:\Users\Bob's-Fast\AppData\Local\recently-used.xbel
2011-01-17 06:52 - 2017-08-11 18:57 - 000007624 _____ () C:\Users\Bob's-Fast\AppData\Local\resmon.resmoncfg
2012-11-18 13:21 - 2012-02-21 06:44 - 000120831 _____ () C:\ProgramData\MyNetDashboard.ico
2017-01-07 16:14 - 2017-02-10 18:07 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-07 16:14 - 2017-02-10 17:45 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2012-09-03 09:48 - 2016-08-25 09:34 - 000000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2012-09-03 09:49 - 2016-08-25 09:34 - 000000000 ____H () C:\ProgramData\PKP_DLes.DAT
2012-09-03 09:49 - 2016-08-25 09:34 - 000000000 ____H () C:\ProgramData\PKP_DLet.DAT
2012-09-03 09:49 - 2016-08-25 09:34 - 000000000 ____H () C:\ProgramData\PKP_DLev.DAT
2016-08-25 09:34 - 2016-08-25 09:34 - 000000000 _____ () C:\ProgramData\Standard
2016-08-25 09:34 - 2016-08-25 09:34 - 000000000 _____ () C:\ProgramData\Sync Services
2012-11-18 13:21 - 2012-02-21 06:45 - 000122493 _____ () C:\ProgramData\WDInternetSecurityAndParentalControl.ico

Some files in TEMP:
====================
2014-10-24 09:30 - 2014-10-24 09:32 - 286582040 _____ (AMD Inc.) C:\Users\Bob's-Fast\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-12-19 11:01 - 2014-12-19 11:01 - 027135000 _____ (AMD Inc.) C:\Users\Bob's-Fast\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
2014-12-19 11:00 - 2014-12-05 15:43 - 006245888 _____ (Advanced Micro Devices, Inc.) C:\Users\Bob's-Fast\AppData\Local\Temp\AutoDetectUtilApp.exe
2011-02-06 18:04 - 2010-06-14 17:24 - 000679272 ____H (Hewlett-Packard Co.) C:\Users\Bob's-Fast\AppData\Local\Temp\HPDiscoPMSxS5312.dll
2014-08-19 13:42 - 2014-08-19 13:42 - 001057176 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih.exe
2014-08-20 10:12 - 2014-08-20 10:12 - 001057176 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer14x32axau_gtbd_chrd_dn_aaa_aih_1.exe
2014-10-24 08:48 - 2014-10-24 08:48 - 001055936 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer15x32axau_gtbd_chrd_dn_aaa_aih (1).exe
2014-10-16 08:37 - 2014-10-16 08:37 - 001055936 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer15x32axau_gtbd_chrd_dn_aaa_aih.exe
2014-10-24 08:45 - 2014-10-24 08:45 - 001055936 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer15x32axau_gtbd_chrd_dn_aaa_aih_1.exe
2014-11-08 08:17 - 2014-11-08 08:17 - 001055936 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer15x32axau_gtbd_chrd_dn_aaa_aih_2.exe
2014-11-10 11:13 - 2014-11-10 11:13 - 001054400 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer15x32ax_gtbd_chrd_dn_aaa_aih.exe
2014-11-10 11:19 - 2014-11-10 11:19 - 001054400 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer15x32ax_gtbd_chrd_dn_aaa_aih_1.exe
2014-12-10 11:21 - 2014-12-10 11:21 - 001055936 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer16x32axau_gtbd_chrd_dn_aaa_aih.exe
2014-12-26 12:48 - 2014-12-26 12:48 - 001055936 _____ (Adobe) C:\Users\Bob's-Fast\AppData\Local\Temp\install_flashplayer16x32axau_gtbd_chrd_dn_aaa_aih_1.exe
2014-03-25 15:14 - 2014-03-25 15:14 - 000921512 _____ (Oracle Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-27 22:15 - 2014-07-27 22:15 - 000918440 _____ (Oracle Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 10:06 - 2014-09-29 10:06 - 000937896 _____ (Oracle Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2016-11-04 09:04 - 2016-11-04 09:04 - 000737856 _____ (Oracle Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-24 10:41 - 2017-01-24 10:41 - 000739904 _____ (Oracle Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-05 10:21 - 2017-05-05 10:21 - 000739904 _____ (Oracle Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-08-01 12:32 - 2017-08-01 12:32 - 000740416 _____ (Oracle Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\jre-8u144-windows-au.exe
2014-12-18 10:29 - 2014-12-18 10:29 - 000641448 _____ (Oracle Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\jre-8u31-windows-au.exe
2016-02-21 21:19 - 2016-10-01 12:25 - 000746088 _____ (NVIDIA Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\nvSCPAPI.dll
2016-03-02 18:52 - 2017-03-31 18:36 - 000369208 _____ (NVIDIA Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\nvStInst.exe
2016-11-30 01:47 - 2016-11-17 06:42 - 001135552 _____ (NVIDIA Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\NvTelemetry.dll
2016-11-30 01:47 - 2016-12-12 16:36 - 000253376 _____ (NVIDIA Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-11-30 01:47 - 2016-12-12 16:36 - 000334272 _____ (NVIDIA Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\NvTelemetryAPI64.dll
2010-03-16 07:11 - 2010-03-16 07:11 - 000149352 ____R (Microsoft Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\ose00000.exe
2016-08-24 12:03 - 2016-08-24 12:03 - 059773072 _____ () C:\Users\Bob's-Fast\AppData\Local\Temp\playstv_patch.exe
2015-01-02 11:22 - 2015-01-02 11:23 - 050516032 _____ () C:\Users\Bob's-Fast\AppData\Local\Temp\raptrpatch.exe
2015-01-02 11:22 - 2015-01-02 11:22 - 000221632 _____ () C:\Users\Bob's-Fast\AppData\Local\Temp\raptr_stub.exe
2015-01-02 11:17 - 2015-01-02 11:19 - 302470552 _____ (AMD Inc.) C:\Users\Bob's-Fast\AppData\Local\Temp\tmpBB72.exe
2016-02-22 13:28 - 2016-02-22 13:28 - 007194312 _____ (Microsoft Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\vcredist_x64.exe
2016-02-22 13:28 - 2016-02-22 13:28 - 006503984 _____ (Microsoft Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\vcredist_x86.exe
2017-03-29 16:11 - 2017-03-29 16:11 - 014456872 _____ (Microsoft Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\vc_redist.x86.exe
2009-06-15 19:13 - 2009-06-15 19:13 - 000457240 ____R (Macrovision Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\_is186.exe
2009-10-19 19:52 - 2009-10-19 19:52 - 000455984 ____R (Macrovision Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\_is2A38.exe
2009-06-15 19:13 - 2009-06-15 19:13 - 000457240 ____R (Macrovision Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\_is3735.exe
2009-10-19 19:52 - 2009-10-19 19:52 - 000455984 ____R (Macrovision Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\_is3F6C.exe
2009-06-15 19:13 - 2009-06-15 19:13 - 000457240 ____R (Macrovision Corporation) C:\Users\Bob's-Fast\AppData\Local\Temp\_isFD9F.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-27 14:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Bob's-Fast (26-08-2017 13:14:59)
Running from C:\Users\Bob's-Fast\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-01-16 19:33:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1091884102-4215430148-1950788253-500 - Administrator - Disabled)
Bob's-Fast (S-1-5-21-1091884102-4215430148-1950788253-1001 - Administrator - Enabled) => C:\Users\Bob's-Fast
Guest (S-1-5-21-1091884102-4215430148-1950788253-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader for ScanSnap ™ 4.1 (HKLM-x32\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.22 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Blend for Visual Studio Add-in for Adobe FXG Import (HKLM-x32\...\{834B6E00-F509-40F2-A677-E86261184576}) (Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L50 - PFU)
CardMinder V4.1 (HKLM-x32\...\{8DCD0779-8811-4060-9227-871E2FD48E45}) (Version: 4.1.10.1 - PFU) Hidden
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.60 - Logitech) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.2.2.9 (18/06/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
erLT (HKLM-x32\...\{A498D9EB-927B-459B-85D6-DD6EF8C2C564}) (Version: 1.20.0137 - Logitech, Inc.) Hidden
Express Gate Tools (HKLM-x32\...\{32394A59-A39C-4C90-A9A5-F16B0C7442E1}) (Version: 1.0.0.9 - DeviceVM, Inc.)
GrampsAIO64 (HKLM\...\GrampsAIO64 4.2.4) (Version: 4.2.4 - The Gramps project)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KhalInstallWrapper (HKLM\...\{F3F18612-7B5D-4C05-86C9-AB50F6F71727}) (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1042 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Net View (HKLM-x32\...\{7F9C9908-69E3-4474-A081-256F27995A18}) (Version: 1.0.12.0 - Western Digital)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.13.2 - Intuit)
Rack2-Filer (HKLM-x32\...\{79ABD970-E95F-483D-A227-6D43A831EEB6}) (Version: 5.00.6000 - PFU) Hidden
Rack2-Filer (HKLM-x32\...\{E639E6B1-E93C-48DC-9882-7FE06398180A}) (Version: V5.0L60 - PFU)
Rack2-Viewer (This application may be deleted by deleting Rack2-Filer) (HKLM-x32\...\{830A965B-A880-42DF-B204-2A7D253F7B25}) (Version: V5.0L50 - PFU)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5973 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSnap (HKLM-x32\...\{2CC5FCAE-51BA-4926-8C2B-4F07E54F6EA3}) (Version: 5.0.21.1 - PFU Limited) Hidden
ScanSnap (HKLM-x32\...\{F68D55AF-246C-4D96-9D7A-72FC9983058F}) (Version: 5.1.61.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)
ScanSnap Organizer (HKLM-x32\...\{3689AE99-D747-4505-8C50-B6DECCD751E0}) (Version: 4.1.41.1 - PFU LIMITED) Hidden
ScanSnap Organizer (HKLM-x32\...\{55E63724-2BFE-49BC-B03E-9BE0F62E18C2}) (Version: 4.1.11.3 - PFU LIMITED) Hidden
ScanSnap Organizer (HKLM-x32\...\{CC09347D-781E-4059-8740-81F8A37BBC67}) (Version: 4.1.61.1 - PFU LIMITED) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L61 - PFU)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.34 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.34.102 - Skype Technologies S.A.)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TurboV (HKLM-x32\...\{A31951C5-DCD8-4DFE-A525-CFC701F54792}) (Version: 1.03.00 - )
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Storage Server 2008 R2 Connector (HKLM\...\{C1E4D639-4A33-4314-809E-89BD0EF48522}) (Version: 6.1.8800.16400 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-18] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1083773B-E7C7-43B0-BC5B-2D83AE70A07E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) <==== ATTENTION
Task: {26141464-02E2-4152-B2E1-7D6FAC573EB0} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {4263CD86-5A30-489F-8186-89F3C18198D1} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {5C0DB200-11B8-47A3-A39B-4ABD9BCCF57A} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {65253DF7-04BD-4FAB-A14E-254FB2480B2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {AA8F3492-783B-4816-8283-C7C26DFD64BB} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {CE5C310F-B057-46BD-ACD8-1A6D39358395} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {DD0DBF4B-B892-4F4F-9236-9C80A68A9530} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {E1D6E2D5-6279-4CE2-B7B3-40EB09061EC3} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {F7569B7D-C371-4191-B14C-DA3BFAE5B7B0} - System32\Tasks\Microsoft\Windows\Windows Server\Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {FE14BCEC-2FE1-4851-B664-BA5447268DB7} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-06-25 13:07 - 2009-07-20 12:35 - 000018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2011-06-25 13:07 - 2009-07-20 04:00 - 000077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2017-05-10 05:29 - 2017-05-10 05:29 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\69f0c87375b323dd1cf75d1753ba55a5\IsdiInterop.ni.dll
2011-06-09 18:10 - 2010-03-03 20:08 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-02-16 20:11 - 2008-11-12 16:32 - 000014848 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
2011-01-16 13:14 - 2009-12-08 22:37 - 000565248 _____ () C:\Program Files (x86)\ASUS\TurboV\pngio.dll
2011-01-16 13:14 - 2009-12-08 22:37 - 000135680 _____ () C:\Program Files (x86)\ASUS\TurboV\TVOCLIB.DLL
2011-02-16 20:09 - 2012-01-18 17:35 - 000385024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2011-02-16 20:09 - 2011-12-14 22:49 - 000233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2011-02-16 20:09 - 2003-03-26 19:46 - 000135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2011-02-16 20:09 - 2010-08-24 17:56 - 000167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2011-02-16 20:10 - 2003-04-21 15:19 - 000020480 _____ () C:\Windows\SSDriver\fi5110\fjipl.dll
2011-02-16 20:10 - 2003-04-21 15:19 - 000851968 _____ () C:\Windows\SSDriver\fi5110\fjiplA6.DLL
2011-02-16 20:09 - 1996-12-19 14:24 - 000068608 _____ () C:\Program Files (x86)\Common Files\PFU\ScanSnap\OCR\FJ\F5BDKAKU.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\...\anthem.com -> hxxps://www.anthem.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2012-12-13 14:02 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob's-Fast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{69EAECB0-FDFD-4015-9AAA-7E9CBC08E583}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{596B5C97-80BC-48CC-9E95-9BCC739CB0DE}] => (Allow) LPort=2869
FirewallRules: [{1845164F-BBDB-44A0-B058-0D60E7144C09}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{50C01AD2-8686-44CF-B248-7E36DB987DBC}C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A8490628-1D3D-4CB8-84ED-6EEE2941F786}C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{D6C6B165-1408-4629-97B3-4EDCB8E41108}C:\program files (x86)\western digital\my net view\mynetview.exe] => (Allow) C:\program files (x86)\western digital\my net view\mynetview.exe
FirewallRules: [UDP Query User{FF687052-C1E8-4FD6-902B-219F811E2A59}C:\program files (x86)\western digital\my net view\mynetview.exe] => (Allow) C:\program files (x86)\western digital\my net view\mynetview.exe
FirewallRules: [TCP Query User{B85BE817-2A1E-434B-8EDB-1B490BDA331B}C:\program files (x86)\western digital\print share\control center.exe] => (Block) C:\program files (x86)\western digital\print share\control center.exe
FirewallRules: [UDP Query User{C6099646-83A8-44B5-9C18-908AE0FEFAF1}C:\program files (x86)\western digital\print share\control center.exe] => (Block) C:\program files (x86)\western digital\print share\control center.exe
FirewallRules: [TCP Query User{979EC624-67A9-4234-800E-49D50627C3D3}C:\program files (x86)\western digital\print share\control center.exe] => (Allow) C:\program files (x86)\western digital\print share\control center.exe
FirewallRules: [UDP Query User{6CC68DFC-1271-46D5-A29E-660D0B0A7147}C:\program files (x86)\western digital\print share\control center.exe] => (Allow) C:\program files (x86)\western digital\print share\control center.exe
FirewallRules: [TCP Query User{4B806F51-E690-4157-AAA6-63A41EBDB4CB}C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AE7ADAB7-EEE1-4974-B055-A59EC26B0AA8}C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{694A677B-E93C-4C98-96EF-CECBE654492B}C:\program files (x86)\western digital\my net view\mynetview.exe] => (Block) C:\program files (x86)\western digital\my net view\mynetview.exe
FirewallRules: [UDP Query User{3DFE3C83-83D2-41BA-823B-5A9D4BEFD1C5}C:\program files (x86)\western digital\my net view\mynetview.exe] => (Block) C:\program files (x86)\western digital\my net view\mynetview.exe
FirewallRules: [{A7A1D549-2D55-49CB-9E84-1336DCF33F41}] => (Allow) C:\Program Files\StarWind Software\StarWind\StarWindService.exe
FirewallRules: [{D26FEA85-CA80-4C82-A709-CB69706F16D9}] => (Allow) C:\Program Files\StarWind Software\StarWind\StarWindService.exe
FirewallRules: [{FE447F2D-FD55-4844-B4FA-E51B75BD5ACE}] => (Allow) C:\Program Files (x86)\Western Digital\WD Print Share\WDPrintShare.exe
FirewallRules: [{6EED8128-4F80-4A04-A846-118930BB805F}] => (Allow) C:\Program Files (x86)\Western Digital\WD Print Share\WDPrintShare.exe
FirewallRules: [{88A813DF-51CA-4CD4-92C8-0841453548AD}] => (Allow) LPort=7436
FirewallRules: [TCP Query User{95D8ACE6-1395-4F98-AB94-3BE56BCF4A41}C:\program files (x86)\western digital\wd print share\wdprintshare.exe] => (Block) C:\program files (x86)\western digital\wd print share\wdprintshare.exe
FirewallRules: [UDP Query User{E7D59E7F-044E-447B-8644-4A1C416B4A77}C:\program files (x86)\western digital\wd print share\wdprintshare.exe] => (Block) C:\program files (x86)\western digital\wd print share\wdprintshare.exe
FirewallRules: [{382B8BF9-5A20-4340-A4FD-EE3014A01C27}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{CF734500-86B3-41AA-9705-C3C947CE7E20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F00D9525-54DE-45E7-9948-CF1C6DD2A788}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D793FBC-F2A3-4317-8E4A-429245925FB2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4658C784-1443-4DAE-AB9A-D5351F4B31DB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{86CE761E-CCAE-4903-B652-588242D3375D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5149B9B4-52CF-4BDA-AB26-E9B8661EDB4B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{30F84EE2-420A-4914-911D-9F889185012D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{714E68D0-16C4-440B-B668-F6081965C357}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{AF4E30E0-4BB4-4851-BBD7-E1E7DAE7306F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{A327B342-8C3E-4D0C-BEA4-B5F95F59BD71}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{6F666893-41AE-4A0B-B827-2056DFD4DB63}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{568D5959-2243-4269-AF93-8B60A27331E9}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F839273B-4481-45D2-83BD-93647622A2EA}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{9D244F52-EE40-4AB2-A8E9-BA4FE2AD17B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{133487AC-4D5B-4B24-94B3-A118C57DC757}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FF4D568B-C3D8-4FA1-A97F-51B5D9984E7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EF1DD744-B7D0-4B0A-AD7A-6BA27DB715B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0A5350EA-2DA7-424B-A50D-6B658C66306B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D2DED5C5-A53F-4939-82F1-D298AE1E95AB}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{F98DB0C0-45F2-4627-8506-B1F8F908E814}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{12843C59-B50A-4E6B-B186-AAB835FD0241}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{34C98C7D-0FEA-4155-8FDC-9B70443EB613}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{F6BE223A-EA95-497F-85F1-342E958C4363}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{0C6F994D-46EA-4E2B-B23F-E978E192DC4C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B6D770A7-49D1-4F1C-B4A4-74EE904FFBA2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{098F9956-1706-44A8-A1B4-D1AC0D94C7C1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe

==================== Restore Points =========================

25-08-2017 12:59:11 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2017 01:18:26 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {93022319-8006-425a-b0c0-7853e74dde21}

Error: (08/23/2017 12:37:37 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {93022319-8006-425a-b0c0-7853e74dde21}

Error: (08/13/2017 06:51:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/13/2017 06:51:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (08/13/2017 06:51:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (08/13/2017 06:51:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.

Error: (08/13/2017 06:51:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (08/13/2017 06:51:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (08/13/2017 06:51:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.

Error: (08/13/2017 06:51:17 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

System errors:
=============
Error: (08/25/2017 04:59:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (08/25/2017 03:54:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (08/25/2017 02:29:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (08/25/2017 12:59:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.251.70.0).

Error: (08/25/2017 12:59:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.249.1405.0

 Update Source: Microsoft Update Server

 Update Stage: Install

 Source Path: http://www.microsoft.com

 Signature Type: AntiVirus

 Update Type: Full

 User: NT AUTHORITY\SYSTEM

 Current Engine Version:

 Previous Engine Version: 1.1.14003.0

 Error code: 0x80070643

 Error description: Fatal error during installation.

Error: (08/24/2017 10:50:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (08/23/2017 05:40:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (08/23/2017 05:39:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (08/23/2017 05:34:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (08/22/2017 06:58:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

CodeIntegrity:
===================================
  Date: 2016-11-30 13:23:37.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-30 13:12:38.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-30 13:08:59.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-30 12:57:52.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-30 12:53:18.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-30 08:48:17.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 54%
Total physical RAM: 6135.11 MB
Available physical RAM: 2801.48 MB
Total Virtual: 12268.41 MB
Available Virtual: 8664.88 MB

==================== Drives ================================

Drive c: (OS Boot Drive) (Fixed) (Total:238.47 GB) (Free:60.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Disk 0) (Fixed) (Total:1862.89 GB) (Free:375.18 GB) NTFS
Drive f: (Document Backup) (Fixed) (Total:3725.99 GB) (Free:2613.93 GB) NTFS
Drive h: (DISK 3) (Fixed) (Total:1862.89 GB) (Free:1166.3 GB) NTFS
Drive k: (SSD Working Storage) (Fixed) (Total:55.9 GB) (Free:9.4 GB) NTFS
Drive n: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
Drive o: (Robert-Office Backup) (Fixed) (Total:1862.36 GB) (Free:879.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D5743D40)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 53CCBC0B)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 6E5FD18C)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 1B59F0DF)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.

========================================================
Disk: 5 (Size: 1862.4 GB) (Disk ID: E7937EF1)
Partition 1: (Not Active) - (Size=1862.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by naughtycomputer, 26 August 2017 - 03:48 PM.
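The FirewallRules section of the Addition.txt log above prints one rule per line, which makes it easy to triage mechanically. The following is an added example, not part of the original post and not FRST's own code: it parses a few lines copied from that log and flags allow rules for programs under a user profile, programs that carry both Allow and Block rules, and allow rules bound only to a port. The line format is inferred from the log as shown, and the finding labels are my own.

```python
"""Triage the FirewallRules section of an FRST Addition.txt log (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the FirewallRules section of the log above.
SAMPLE = r"""
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{596B5C97-80BC-48CC-9E95-9BCC739CB0DE}] => (Allow) LPort=2869
FirewallRules: [TCP Query User{50C01AD2-8686-44CF-B248-7E36DB987DBC}C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bob's-fast\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{D6C6B165-1408-4629-97B3-4EDCB8E41108}C:\program files (x86)\western digital\my net view\mynetview.exe] => (Allow) C:\program files (x86)\western digital\my net view\mynetview.exe
FirewallRules: [TCP Query User{694A677B-E93C-4C98-96EF-CECBE654492B}C:\program files (x86)\western digital\my net view\mynetview.exe] => (Block) C:\program files (x86)\western digital\my net view\mynetview.exe
FirewallRules: [{7D793FBC-F2A3-4317-8E4A-429245925FB2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
"""

# Format as it appears in the log: FirewallRules: [name] => (Allow|Block) target
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
# Rules named "TCP/UDP Query User{GUID}path" are created when the user answers
# the Windows Firewall prompt, not by an installer.
PROMPT_RE = re.compile(r"^(TCP|UDP) Query User\{")
# Paths below C:\Users\<name>\ can be overwritten without administrator rights.
USER_PATH_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "Allow" or "Block"
    program: Optional[str]   # lower-cased path, None for a port-only rule
    port: Optional[str]      # LPort value, None for a program rule
    user_prompted: bool      # True for "Query User" rules


def parse_rules(text: str) -> List[Rule]:
    """Return one Rule per FirewallRules line; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target").strip()
        if target.upper().startswith("LPORT="):
            program, port = None, target.split("=", 1)[1]
        else:
            program, port = target.lower(), None
        rules.append(Rule(m.group("name"), m.group("action"), program, port,
                          bool(PROMPT_RE.match(m.group("name")))))
    return rules


def review(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return sorted (finding, subject) pairs worth a second look."""
    findings = set()
    actions = defaultdict(set)
    for r in rules:
        if r.program:
            actions[r.program].add(r.action)
            # The binary behind this allow rule sits in a user-writable folder.
            if r.action == "Allow" and USER_PATH_RE.match(r.program):
                findings.add(("allow-in-user-profile", r.program))
        elif r.action == "Allow":
            # The rule opens a port without tying it to a program.
            findings.add(("port-only-allow", r.port))
    for program, seen in actions.items():
        # Block takes precedence in Windows Firewall, so the Allow rule is
        # ineffective and the pair usually reflects inconsistent prompt answers.
        if seen == {"Allow", "Block"}:
            findings.add(("allow-and-block", program))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject in review(parse_rules(SAMPLE)):
        print(f"{kind:24} {subject}")
```

A finding here is a prompt for review, not a verdict: the flagged entries in this log belong to software the helper and the user go on to discuss.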




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,795 posts

Posted 27 August 2017 - 10:28 AM

naughtycomputer:

 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,795 posts

Posted 27 August 2017 - 12:11 PM

naughtycomputer:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: The FRST logs show that you have Akamai Netsession installed on your computer. I would recommend that you read this post to determine if you want to keep that program. Personally, I would not have it on my computer.

If you decide you do not want to keep this program, please go to the Control Panel, Programs, Uninstall Program, and uninstall it from your computer.

Please let me know whether you keep, or uninstall, this program.

.

:step2: The FRST logs reveal that you have Java installed on your computer. Java has a long history of security vulnerabilities. Unless you need it, I would recommend that you uninstall the program.

I uninstalled Java from my two computers over two years ago, and I have never missed it. Some older games do require Java, but most computer users don't need it, so they are just taking an unnecessary chance of their computer being infected.

Please see this link for more information; or, "google" "Java security vulnerabilities."

Please let me know what you decide to do: keep it or uninstall it. It is your computer, so it is your decision.

.

:step3: Did you knowingly install this program?
 

Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )


I have not been able to find much information about this program. From what little that I can find, it seems it might have been "bundled" with Java, or an update/utility associated with Java. Here is one thread discussing this program. Unless you need/want this program, I would recommend that you uninstall it.

.

:step4: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1091884102-4215430148-1950788253-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Folder: C:\Users\Bob's-Fast\AppData\Local\{C9395DCD-67BB-4297-8B13-0B52103BADDF}
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll -> No File
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

The good news is that so far, I am not seeing any evidence of active malware on your computer. :thumbup2: We will follow up with some additional, standard, anti-malware scans, just to be certain.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 naughtycomputer

naughtycomputer
  • Topic Starter

  • Members
  • 17 posts

Posted 27 August 2017 - 06:41 PM

Hello Phil,

 

My name is Bob.

 

I very much appreciate your support!  No worries about the pace of replies because this problem has been with me for some time and I finally decided to resolve it.  Regarding Steps 1 (Akamai) and 2 (Java) you seemed to indicate that these were optional to remove.  I reviewed the links that were included and I would prefer to keep them as is.  I assume that at any later time I can remove them and at least Akamai would make sense.

 

Regarding step 3 Yahoo!Detect(HKLM-x32\...\YTdetect) (Version:-)  I did not knowingly install this program.  It is also not listed in the installed programs list so I am not sure how to remove it.  Can you help?

 

I will follow up this post with Step 4.



#5 naughtycomputer

naughtycomputer
  • Topic Starter

  • Members
  • 17 posts

Posted 27 August 2017 - 06:50 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Bob's-Fast (27-08-2017 16:44:18) Run:1
Running from C:\Users\Bob's-Fast\Desktop
Loaded Profiles: Bob's-Fast (Available Profiles: Bob's-Fast)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1091884102-4215430148-1950788253-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Folder: C:\Users\Bob's-Fast\AppData\Local\{C9395DCD-67BB-4297-8B13-0B52103BADDF}
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll -> No File

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1091884102-4215430148-1950788253-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.

========================= Folder: C:\Users\Bob's-Fast\AppData\Local\{C9395DCD-67BB-4297-8B13-0B52103BADDF} ========================

====== End of Folder: ======

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => key removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => key removed successfully

The system needed a reboot.

==== End of Fixlog 16:44:36 ====



#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,795 posts

Posted 28 August 2017 - 04:58 AM

Bob:
 
Thank you for your post and log; and, thank you for permission to address you by your first name.

 

Yes, it is your choice to keep, or uninstall Akamai Netsession and Java.  It is your computer.  As I said, personally, I would not have Akamai Netsession on my computer, but that is YOUR call.  I do have to warn you though, that some of the standard anti-malware scanners that we will be using might decide to remove it from your computer.  Java won't be touched, but Akamai Netsession might be.  You could always reinstall it, if that happens.
 
OK, let's see if we can find Yahoo! Detect.
 
:step1: Please download SystemLook from one of the links below and save it to your Desktop.
For 64-bit versions of Windows: SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:regfind
YTdetect
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please copy and paste the contents of this log into your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

.

:step2: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step3: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

I am going to be away until tomorrow afternoon.  Unfortunately "real life" gets in the way of my malware removal vocation.  I will check back in then.  Thank you for your patience and understanding.  Have a great day.

 

Regards,

-Phil
 


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 naughtycomputer

naughtycomputer
  • Topic Starter

  • Members
  • 17 posts

Posted 28 August 2017 - 11:38 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 09:36 on 28/08/2017 by Bob's-Fast
Administrator - Elevation successful

========== regfind ==========

Searching for "YTdetect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YTdetect]

-= EOF =-



#8 naughtycomputer

Posted 29 August 2017 - 08:28 AM

Phil,

 

Here are the ESET results.  Next is Malwarebytes.

 

C:\Users\Bob's-Fast\AppData\LocalLow\Sun\Java\jre1.7.0_55\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Users\Bob's-Fast\Downloads\More DVD Tools\avc-free.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
C:\Users\Bob's-Fast\Downloads\More DVD Tools\ImgBurn\SetupImgBurn_2.5.1.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting
O:\Passport Backup\Old Computer C Drive\Old C Backup 1\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL Win32/Adware.MyWaySpeed application cleaned by deleting
 



#9 naughtycomputer

Posted 29 August 2017 - 08:37 AM

Phil,

 

 

Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."

 

This option was not available without upgrading to the premium version.  So I am running the program without it checked.

 

Bob



#10 naughtycomputer

Posted 29 August 2017 - 08:42 AM

Phil,

 

Results on Malwarebytes.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/29/17
Scan Time: 6:34 AM
Log File: d27cb486-8cbe-11e7-ace0-20cf3058c58d.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2682
License: Expired

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bobs-Fast-PC\Bob's-Fast

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350398
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)



#11 garioch7

Posted 29 August 2017 - 01:09 PM

Bob:

Thank you for your posts and for the logs. I will look after Yahoo! Detect for you, and I also want you to run a couple more standard anti-malware scans to ensure that nothing is lurking in your computer that shouldn't be there.

:step1: Please run a FRST fix for me to remove the Yahoo! Detect registry entry that was found.

NOTICE: This "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Start::
CreateRestorePoint:
CloseProcesses:
Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YTdetect /f
End::

  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy" to copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

:step2: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining instructions until directed to do so by me. If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.
  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.

A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

.

:step3: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.

.

Please reboot your computer and let me know how it is working now. If there are any remaining issues, please describe them in as much detail as possible.

Thank you and have a great day, Bob.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 naughtycomputer

Posted 29 August 2017 - 02:20 PM

Hello Phil,

 

Here is the result of removing Yahoo! Detect.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Bob's-Fast (29-08-2017 12:12:30) Run:2
Running from C:\Users\Bob's-Fast\Desktop
Loaded Profiles: Bob's-Fast (Available Profiles: Bob's-Fast)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YTdetect /f

*****************

Restore point was successfully created.
Processes closed successfully.

========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YTdetect /f =========

The operation completed successfully.

 

========= End of Reg: =========

 

The system needed a reboot.

==== End of Fixlog 12:13:29 ====



#13 naughtycomputer

Posted 29 August 2017 - 02:22 PM

Phil,

 

Can I now remove Malwarebytes?  It is popping windows asking me to upgrade.

 

Bob



#14 naughtycomputer

Posted 29 August 2017 - 02:35 PM

Hello Phil,

 

Here are the results for AdwCleaner.  Looks clean!

 

Bob

 

 

# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 29 19:28:58 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-29-2017.2
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########



#15 naughtycomputer

Posted 29 August 2017 - 02:46 PM

Phil,

 

I tried to download the Junkware Removal Tool from the supplied link and the download seemed to work, but the desktop icon was just zero bytes, and when I attempted to run it as an administrator, predictably I got an error message that it was not a valid Win32 application.

 

Bob





