
Programs Aren't Working. Possibly Due To Infection From Download


  • This topic is locked
14 replies to this topic

#1 mybcun

  • Members
  • 25 posts

Posted 05 November 2017 - 09:15 PM

Hello!

Some of my programs aren't working. For example, I can't even open my Goldmine database program. SQL isn't working, and until I re-installed Microsoft Word 2003, I couldn't open any Word documents or a spreadsheet document. Though I'm not positive about this, my recollection is that these problems started just after I received some updates from Microsoft. I appreciate all the help you can provide so that I can get back to using these programs again. Thanks in advance!!! As requested, here are my logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017

Ran by User Account (administrator) on LENOVA (05-11-2017 19:29:41)

Running from C:\Users\User Account\Downloads

Loaded Profiles: User Account (Available Profiles: ******* & User Account)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

( ) C:\Windows\System32\dleecoms.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE

(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBHelp.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-841750178-498971265-2751758377-1003\...\MountPoints2: {f68c4ecb-71c1-11e0-83bc-806e6f6e6963} - F:\SETUP.EXE /AUTORUN

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-22] (Microsoft Corporation)

GroupPolicy: Restriction - Chrome <==== ATTENTION

GroupPolicy\User: Restriction <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.5.1

Tcpip\..\Interfaces\{A811259D-7D56-47E3-8E32-2D8D5567608E}: [DhcpNameServer] 192.168.5.1

Tcpip\..\Interfaces\{B2DAE0FE-DF5C-4764-8489-2E22C6ABEA71}: [DhcpNameServer] 192.168.5.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDyEtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0FzyyCyByDtBtBtGtCtDtDtBtG0FyDzy0AtGtA0Dzy0EtGzztCtAyCtB0CyC0C0AtDtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEyD1Q1TyD1T1TtGtC1T1TtCtGyE1P1O1PtG1StBtCzztG1Q1OtBzyyB1SyDtC1RzztDtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyDtAtN1Q2Z1B1P1RzutCyDtDtCyBzyzzyEyCyD%26cr%3D1767014744%26a%3Dwbf_ytd_17_31%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDyEtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0FzyyCyByDtBtBtGtCtDtDtBtG0FyDzy0AtGtA0Dzy0EtGzztCtAyCtB0CyC0C0AtDtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEyD1Q1TyD1T1TtGtC1T1TtCtGyE1P1O1PtG1StBtCzztG1Q1OtBzyyB1SyDtC1RzztDtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyDtAtN1Q2Z1B1P1RzutCyDtDtCyBzyzzyEyCyD%26cr%3D1767014744%26a%3Dwbf_ytd_17_31%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =

SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDyEtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0FzyyCyByDtBtBtGtCtDtDtBtG0FyDzy0AtGtA0Dzy0EtGzztCtAyCtB0CyC0C0AtDtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEyD1Q1TyD1T1TtGtC1T1TtCtGyE1P1O1PtG1StBtCzztG1Q1OtBzyyB1SyDtC1RzztDtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyDtAtN1Q2Z1B1P1RzutCyDtDtCyBzyzzyEyCyD%26cr%3D1767014744%26a%3Dwbf_ytd_17_31%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDtCyDtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0DyDyCyBtDtDtGyC0B0FzytGyCtC0EtAtGtAtDyDtAtGzyyB0DzztD0E0BtCzyzytA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0AyEtCtBtA0E0EtGzz0AyC0DtGyE0FtD0CtGzy0D0EtCtGtCzzyCyEzytDyDzyzztBzzzy2QtN0A0LzutB%26cr%3D977900038%26a%3Dwbf_ytd_17_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDtCyDtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0DyDyCyBtDtDtGyC0B0FzytGyCtC0EtAtGtAtDyDtAtGzyyB0DzztD0E0BtCzyzytA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0AyEtCtBtA0E0EtGzz0AyC0DtGyE0FtD0CtGzy0D0EtCtGtCzzyCyEzytDyDzyzztBzzzy2QtN0A0LzutB%26cr%3D977900038%26a%3Dwbf_ytd_17_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDtCyDtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0DyDyCyBtDtDtGyC0B0FzytGyCtC0EtAtGtAtDyDtAtGzyyB0DzztD0E0BtCzyzytA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0AyEtCtBtA0E0EtGzz0AyC0DtGyE0FtD0CtGzy0D0EtCtGtCzzyCyEzytDyDzyzztBzzzy2QtN0A0LzutB%26cr%3D977900038%26a%3Dwbf_ytd_17_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDyEtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0FzyyCyByDtBtBtGtCtDtDtBtG0FyDzy0AtGtA0Dzy0EtGzztCtAyCtB0CyC0C0AtDtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEyD1Q1TyD1T1TtGtC1T1TtCtGyE1P1O1PtG1StBtCzztG1Q1OtBzyyB1SyDtC1RzztDtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyDtAtN1Q2Z1B1P1RzutCyDtDtCyBzyzzyEyCyD%26cr%3D1767014744%26a%3Dwbf_ytd_17_31%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =

SearchScopes: HKU\S-1-5-21-841750178-498971265-2751758377-1003 -> {93FA4593-19F7-4A0E-B3E2-4293BF144411} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File

Toolbar: HKLM - FindWide Toolbar - {8C04F392-3971-4B7C-9A1E-EE4792A722F5} - C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll No File

Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File

Toolbar: HKU\S-1-5-21-841750178-498971265-2751758377-1003 -> FindWide Toolbar - {8C04F392-3971-4B7C-9A1E-EE4792A722F5} - C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll No File

DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2016-11-14] (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox => not found

FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-01-19] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2013-01-19] [not signed]

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [No File]

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

 

Chrome:

=======

CHR DefaultSearchURL: Default -> hxxp://search.searchtcn.com/s?remove=remove&query={searchTerms}

CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}

CHR Profile: C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default [2017-11-05]

CHR Extension: (Slides) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]

CHR Extension: (Docs) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]

CHR Extension: (Google Drive) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-27]

CHR Extension: (YouTube) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-27]

CHR Extension: (Sheets) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]

CHR Extension: (Google Docs Offline) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]

CHR Extension: (Chrome Web Store Payments) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]

CHR Extension: (Tube World) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknbbfglleniifhfokkamioogejffnfc [2017-08-27]

CHR Extension: (Gmail) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-27]

CHR Extension: (Chrome Media Router) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-29]

CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oknbbfglleniifhfokkamioogejffnfc] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)

R2 dlee_device; C:\windows\system32\dleecoms.exe [1052328 2010-05-21] ( )

S2 GearSecurity; C:\Windows\SysWOW64\gearsec.exe [61440 2002-12-16] (GEAR Software) [File not signed]

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)

S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-29] (Microsoft Corporation)

S3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [42168 2015-03-29] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)

R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-09-30] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-11-14] (Intuit Inc.) [File not signed]

S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 GearAspiWDM; C:\Windows\SysWOW64\drivers\gearaspiwdm.sys [9184 2002-12-16] (GEAR Software) [File not signed]

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)

R1 MpKsl110360ed; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAD61274-2FB0-4743-8127-47A9F1D68A6C}\MpKsl110360ed.sys [58120 2017-11-05] (Microsoft Corporation)

R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

S3 RimUsb; C:\windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S4 RsFx0153; C:\windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-29] (Microsoft Corporation)

U3 BcmSqlStartupSvc; no ImagePath

U3 IGRS; no ImagePath

U2 IviRegMgr; no ImagePath

S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

U2 ReadyComm.DirectRouter; no ImagePath

U2 RichVideo; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-11-05 19:29 - 2017-11-05 19:31 - 000020278 _____ C:\Users\User Account\Downloads\FRST.txt

2017-11-05 19:23 - 2017-11-05 19:29 - 000000000 ____D C:\FRST

2017-11-05 19:22 - 2017-11-05 19:22 - 002403328 _____ (Farbar) C:\Users\User Account\Downloads\FRST64.exe

2017-11-05 19:20 - 2017-11-05 19:21 - 001799680 _____ (Farbar) C:\Users\User Account\Downloads\FRST.exe

2017-11-04 18:38 - 2017-11-05 18:54 - 000000374 _____ C:\Users\User Account\Desktop\The ***** *********** Company, LLC2011.qbw.ND

2017-11-04 18:37 - 2017-11-05 18:54 - 000327680 ____R C:\Users\User Account\Desktop\The ***** *********** Company, LLC2011.QBW.TLG

2017-11-04 12:19 - 2017-11-04 18:52 - 000000000 ____D C:\Users\User Account\AppData\Roaming\SoftGrid Client

2017-11-04 12:19 - 2017-11-04 12:19 - 000000000 ____D C:\Users\User Account\AppData\Local\SoftGrid Client

2017-11-03 20:35 - 2017-11-03 20:39 - 000000000 ____D C:\Users\User Account\Documents\SQL Server Management Studio

2017-11-03 20:12 - 2017-11-03 20:16 - 000000000 ____D C:\GMBU

2017-11-02 11:59 - 2017-11-02 12:00 - 000000376 _____ C:\windows\ODBC.INI

2017-11-02 11:56 - 2017-11-04 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2017-11-02 11:56 - 2017-11-02 11:56 - 000000000 ____D C:\Program Files (x86)\Microsoft ActiveSync

2017-11-02 11:46 - 2017-11-02 11:46 - 000000000 __RHD C:\MSOCache

2017-11-01 12:46 - 2017-11-01 12:49 - 000000000 ____D C:\AdwCleaner

2017-11-01 12:46 - 2017-10-07 11:40 - 008250832 _____ (Malwarebytes) C:\Users\User Account\Desktop\adwcleaner_7.0.3.1.exe

2017-11-01 12:40 - 2017-11-01 12:40 - 000000000 ____D C:\windows\pss

2017-11-01 12:38 - 2017-11-01 12:39 - 000160858 _____ C:\windows\ntbtlog.txt

2017-11-01 12:29 - 2017-11-01 12:29 - 000000017 _____ C:\Users\User Account\AppData\Local\resmon.resmoncfg

2017-10-31 13:11 - 2017-10-31 13:11 - 000000000 ____D C:\Program Files\SQL Server Management Studio

2017-10-30 16:00 - 2017-10-30 16:00 - 126925120 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe

2017-10-27 19:44 - 2017-11-05 18:54 - 032555008 ____R C:\Users\User Account\Desktop\The ***** *********** Company, LLC2011.qbw

2017-10-25 17:57 - 2017-10-25 17:58 - 005250048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

2017-10-23 14:45 - 2017-10-23 14:45 - 000075159 _____ C:\Users\User Account\Desktop\20171020151640642.pdf

2017-10-21 18:13 - 2017-10-20 15:45 - 000009470 _____ C:\Users\User Account\Desktop\St. Louis Association of Realtors Gala  JOB #9-310988 (revised 10-20-17).pdf

2017-10-21 17:13 - 2017-10-21 17:13 - 000000000 ____D C:\Users\User Account\Documents\Joy Spiegel

2017-10-10 15:40 - 2017-09-13 09:33 - 000631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi

2017-10-10 15:40 - 2017-09-13 09:32 - 005547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2017-10-10 15:40 - 2017-09-13 09:32 - 000706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi

2017-10-10 15:40 - 2017-09-13 09:32 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2017-10-10 15:40 - 2017-09-13 09:32 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2017-10-10 15:40 - 2017-09-13 09:31 - 001732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 001068544 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000886272 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000448512 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000414208 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000118784 _____ (Microsoft Corporation) C:\windows\system32\wlanhlp.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000113664 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll

2017-10-10 15:40 - 2017-09-13 09:28 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:27 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:13 - 004001512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2017-10-10 15:40 - 2017-09-13 09:13 - 003945704 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2017-10-10 15:40 - 2017-09-13 09:10 - 001314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000830464 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000392704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlansec.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanhlp.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2017-10-10 15:40 - 2017-09-13 09:09 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:08 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 09:05 - 000324608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys

2017-10-10 15:40 - 2017-09-13 09:00 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe

2017-10-10 15:40 - 2017-09-13 09:00 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe

2017-10-10 15:40 - 2017-09-13 09:00 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys

2017-10-10 15:40 - 2017-09-13 09:00 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe

2017-10-10 15:40 - 2017-09-13 08:57 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe

2017-10-10 15:40 - 2017-09-13 08:56 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2017-10-10 15:40 - 2017-09-13 08:53 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys

2017-10-10 15:40 - 2017-09-13 08:53 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys

2017-10-10 15:40 - 2017-09-13 08:53 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys

2017-10-10 15:40 - 2017-09-13 08:52 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe

2017-10-10 15:40 - 2017-09-13 08:52 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2017-10-10 15:40 - 2017-09-13 08:50 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe

2017-10-10 15:40 - 2017-09-13 08:47 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2017-10-10 15:40 - 2017-09-13 08:46 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll

2017-10-10 15:40 - 2017-09-13 08:46 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2017-10-10 15:40 - 2017-09-13 08:46 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2017-10-10 15:40 - 2017-09-13 08:46 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 08:46 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 08:46 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 08:46 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2017-10-10 15:40 - 2017-09-13 08:46 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2017-10-10 15:40 - 2017-09-08 18:45 - 000395984 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2017-10-10 15:40 - 2017-09-08 17:47 - 000347344 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2017-10-10 15:40 - 2017-09-08 09:34 - 001680616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

2017-10-10 15:40 - 2017-09-08 09:30 - 002319872 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 002222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 002058240 _____ (Microsoft Corporation) C:\windows\system32\Query.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000149504 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll

2017-10-10 15:40 - 2017-09-08 09:30 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll

2017-10-10 15:40 - 2017-09-08 09:14 - 000591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe

2017-10-10 15:40 - 2017-09-08 09:13 - 000249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe

2017-10-10 15:40 - 2017-09-08 09:13 - 000113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe

2017-10-10 15:40 - 2017-09-08 09:10 - 001549824 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll

2017-10-10 15:40 - 2017-09-08 09:10 - 001363968 _____ (Microsoft Corporation) C:\windows\SysWOW64\Query.dll

2017-10-10 15:40 - 2017-09-08 09:10 - 000312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll

2017-10-10 15:40 - 2017-09-08 09:10 - 000109568 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll

2017-10-10 15:40 - 2017-09-08 09:09 - 001400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll

2017-10-10 15:40 - 2017-09-08 09:09 - 000666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll

2017-10-10 15:40 - 2017-09-08 09:09 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll

2017-10-10 15:40 - 2017-09-08 09:09 - 000197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll

2017-10-10 15:40 - 2017-09-08 09:09 - 000104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll

2017-10-10 15:40 - 2017-09-08 09:09 - 000059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll

2017-10-10 15:40 - 2017-09-08 09:09 - 000034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll

2017-10-10 15:40 - 2017-09-08 09:00 - 003222016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2017-10-10 15:40 - 2017-09-08 09:00 - 000427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe

2017-10-10 15:40 - 2017-09-08 09:00 - 000164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe

2017-10-10 15:40 - 2017-09-08 08:59 - 000086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe

2017-10-10 15:40 - 2017-09-08 08:59 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll

2017-10-10 15:40 - 2017-09-08 08:20 - 000640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswstr10.dll

2017-10-10 15:40 - 2017-09-08 08:20 - 000345088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll

2017-10-10 15:40 - 2017-09-08 08:20 - 000008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjint40.dll

2017-10-10 15:40 - 2017-09-07 15:38 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2017-10-10 15:40 - 2017-09-07 15:37 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2017-10-10 15:40 - 2017-09-07 15:19 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2017-10-10 15:40 - 2017-09-07 15:18 - 000417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec

2017-10-10 15:40 - 2017-09-07 15:18 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2017-10-10 15:40 - 2017-09-07 15:17 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2017-10-10 15:40 - 2017-09-07 15:17 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2017-10-10 15:40 - 2017-09-07 15:15 - 002902528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2017-10-10 15:40 - 2017-09-07 15:08 - 025729536 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2017-10-10 15:40 - 2017-09-07 15:08 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2017-10-10 15:40 - 2017-09-07 15:07 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2017-10-10 15:40 - 2017-09-07 15:02 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2017-10-10 15:40 - 2017-09-07 15:01 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2017-10-10 15:40 - 2017-09-07 15:01 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2017-10-10 15:40 - 2017-09-07 15:01 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2017-10-10 15:40 - 2017-09-07 15:00 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2017-10-10 15:40 - 2017-09-07 14:52 - 000968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2017-10-10 15:40 - 2017-09-07 14:48 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2017-10-10 15:40 - 2017-09-07 14:40 - 005982208 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2017-10-10 15:40 - 2017-09-07 14:39 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2017-10-10 15:40 - 2017-09-07 14:38 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx

2017-10-10 15:40 - 2017-09-07 14:37 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll

2017-10-10 15:40 - 2017-09-07 14:33 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2017-10-10 15:40 - 2017-09-07 14:32 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2017-10-10 15:40 - 2017-09-07 14:29 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2017-10-10 15:40 - 2017-09-07 14:27 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll

2017-10-10 15:40 - 2017-09-07 14:13 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll

2017-10-10 15:40 - 2017-09-07 14:10 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2017-10-10 15:40 - 2017-09-07 14:10 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2017-10-10 15:40 - 2017-09-07 14:08 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2017-10-10 15:40 - 2017-09-07 14:08 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2017-10-10 15:40 - 2017-09-07 13:44 - 015262720 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2017-10-10 15:40 - 2017-09-07 13:40 - 003240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2017-10-10 15:40 - 2017-09-07 13:27 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2017-10-10 15:40 - 2017-09-07 13:27 - 001548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2017-10-10 15:40 - 2017-09-07 13:17 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2017-10-10 15:40 - 2017-09-07 13:11 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2017-10-10 15:40 - 2017-09-07 13:10 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2017-10-10 15:40 - 2017-09-07 13:10 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec

2017-10-10 15:40 - 2017-09-07 13:10 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2017-10-10 15:40 - 2017-09-07 13:09 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2017-10-10 15:40 - 2017-09-07 13:04 - 020267008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2017-10-10 15:40 - 2017-09-07 13:03 - 002292736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2017-10-10 15:40 - 2017-09-07 13:03 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2017-10-10 15:40 - 2017-09-07 13:02 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2017-10-10 15:40 - 2017-09-07 12:59 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2017-10-10 15:40 - 2017-09-07 12:58 - 000663040 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2017-10-10 15:40 - 2017-09-07 12:58 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2017-10-10 15:40 - 2017-09-07 12:58 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2017-10-10 15:40 - 2017-09-07 12:49 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2017-10-10 15:40 - 2017-09-07 12:44 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx

2017-10-10 15:40 - 2017-09-07 12:44 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2017-10-10 15:40 - 2017-09-07 12:43 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll

2017-10-10 15:40 - 2017-09-07 12:40 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2017-10-10 15:40 - 2017-09-07 12:39 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2017-10-10 15:40 - 2017-09-07 12:37 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2017-10-10 15:40 - 2017-09-07 12:36 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll

2017-10-10 15:40 - 2017-09-07 12:29 - 004547072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2017-10-10 15:40 - 2017-09-07 12:29 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll

2017-10-10 15:40 - 2017-09-07 12:26 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2017-10-10 15:40 - 2017-09-07 12:25 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2017-10-10 15:40 - 2017-09-07 12:25 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2017-10-10 15:40 - 2017-09-07 12:17 - 013677568 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2017-10-10 15:40 - 2017-09-07 12:01 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2017-10-10 15:40 - 2017-09-07 11:57 - 001316864 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2017-10-10 15:40 - 2017-09-07 11:57 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2017-10-10 15:40 - 2017-09-07 09:31 - 002851328 _____ (Microsoft Corporation) C:\windows\system32\themeui.dll

2017-10-10 15:40 - 2017-09-07 09:12 - 002755072 _____ (Microsoft Corporation) C:\windows\SysWOW64\themeui.dll

2017-10-10 15:40 - 2017-09-07 08:55 - 000461312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys

2017-10-10 15:40 - 2017-09-07 08:55 - 000405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys

2017-10-10 15:40 - 2017-09-07 08:55 - 000168448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys

2017-10-10 15:40 - 2017-08-19 09:28 - 004121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2017-10-10 15:40 - 2017-08-19 09:28 - 000206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll

2017-10-10 15:40 - 2017-08-19 09:28 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll

2017-10-10 15:40 - 2017-08-19 09:10 - 003209216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll

2017-10-10 15:40 - 2017-08-19 09:10 - 000103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll

2017-10-10 15:40 - 2017-08-19 09:10 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll

2017-10-10 15:40 - 2017-08-19 09:08 - 000055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe

2017-10-10 15:40 - 2017-08-19 09:08 - 000024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe

2017-10-10 15:40 - 2017-08-19 08:57 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe

2017-10-10 15:40 - 2017-08-19 08:57 - 000023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe

2017-10-10 15:40 - 2017-08-14 11:35 - 001032192 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll

2017-10-10 15:40 - 2017-08-14 11:35 - 000827904 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll

2017-10-10 15:40 - 2017-08-14 11:35 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll

2017-10-10 15:40 - 2017-08-13 15:45 - 000040448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

2017-10-07 13:03 - 2017-10-07 13:03 - 000000000 ____D C:\Users\User Account\AppData\Roaming\ICAClient

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-11-05 18:28 - 2016-11-05 11:39 - 000000000 ____D C:\Users\User Account\Desktop\For Other Storage Locations

2017-11-05 16:30 - 2009-07-13 22:45 - 000019520 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-11-05 16:30 - 2009-07-13 22:45 - 000019520 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-11-05 16:05 - 2009-07-13 23:13 - 000877036 _____ C:\windows\system32\PerfStringBackup.INI

2017-11-05 16:05 - 2009-07-13 21:20 - 000000000 ____D C:\windows\inf

2017-11-05 15:58 - 2009-07-13 23:08 - 000000006 ____H C:\windows\Tasks\SA.DAT

2017-11-04 18:59 - 2009-07-13 20:34 - 000000625 _____ C:\windows\win.ini

2017-11-04 09:05 - 2009-07-13 22:45 - 000475680 _____ C:\windows\system32\FNTCACHE.DAT

2017-11-03 20:48 - 2009-07-13 21:20 - 000000000 ____D C:\windows\registration

2017-11-02 14:55 - 2013-07-02 21:40 - 000136248 _____ C:\Users\User Account\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-02 11:56 - 2011-04-28 12:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2017-11-02 11:56 - 2009-07-29 01:23 - 000000000 ____D C:\windows\ShellNew

2017-11-02 11:46 - 2009-07-13 21:20 - 000000000 ____D C:\windows\system

2017-11-01 13:11 - 2013-07-02 21:40 - 000000000 ____D C:\Users\User Account

2017-11-01 12:37 - 2011-07-04 11:27 - 000000481 _____ C:\windows\Brownie.ini

2017-11-01 12:35 - 2016-06-15 20:20 - 000000000 ____D C:\Users\User Account\AppData\Roaming\Skype

2017-11-01 12:25 - 2011-04-28 12:44 - 000000000 ____D C:\ProgramData\VeriFace

2017-10-31 16:09 - 2014-07-22 14:34 - 000000000 ____D C:\Program Files\Microsoft SQL Server

2017-10-30 16:13 - 2013-08-16 17:35 - 000000000 ____D C:\windows\system32\MRT

2017-10-30 16:00 - 2011-07-06 06:58 - 126925120 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

2017-10-27 19:24 - 2017-03-13 21:41 - 000000000 ____D C:\Program Files\iTunes

2017-10-27 19:24 - 2012-12-25 20:43 - 000000000 ____D C:\Program Files\iPod

2017-10-27 19:24 - 2009-07-13 21:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared

2017-10-27 19:23 - 2012-12-25 20:42 - 000000000 ____D C:\Program Files\Common Files\Apple

2017-10-27 19:22 - 2017-03-13 21:34 - 000000000 ____D C:\Program Files\Bonjour

2017-10-27 16:41 - 2014-02-10 21:40 - 000000000 ____D C:\Users\User Account\AppData\Roaming\vlc

2017-10-27 14:02 - 2017-08-07 19:18 - 000000000 ____D C:\Users\User Account\AppData\Roaming\dvdcss

2017-10-25 18:01 - 2013-10-21 16:04 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2017-10-25 18:00 - 2013-10-21 16:04 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2017-10-25 18:00 - 2013-10-21 16:04 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-10-25 18:00 - 2013-10-21 16:04 - 000000000 ____D C:\windows\system32\Macromed

2017-10-25 17:58 - 2011-04-28 12:48 - 000000000 ____D C:\windows\SysWOW64\Macromed

2017-10-23 13:04 - 2011-07-04 11:29 - 000000426 _____ C:\windows\BRWMARK.INI

2017-10-21 17:16 - 2016-11-12 14:27 - 000000000 ____D C:\Users\User Account\Documents\*** ******* **** ******

2017-10-21 17:14 - 2017-10-04 19:30 - 000000000 ____D C:\Users\User Account\Documents\******** *******

2017-10-20 12:27 - 2016-11-12 14:24 - 000000000 ____D C:\Users\User Account\Documents\****

2017-10-11 15:58 - 2011-07-25 18:59 - 000869650 _____ C:\windows\SysWOW64\PerfStringBackup.INI

2017-10-08 17:41 - 2011-06-24 20:02 - 000000000 ____D C:\Users\*******

2017-10-07 13:07 - 2014-02-13 19:36 - 000000000 ____D C:\Users\User Account\Desktop\TO BE READ ONLY UPON MY PASSING

2017-10-07 12:59 - 2017-07-05 17:57 - 000000000 ____D C:\Users\User Account\Desktop\*** ***** ******** ***********

2017-10-06 23:25 - 2014-02-08 01:41 - 000000000 ____D C:\Users\User Account\Desktop\******** ********

2017-10-06 20:49 - 2016-11-29 23:28 - 000011983 _____ C:\Users\User Account\Documents\******* *****t.xlsx

 

==================== Files in the root of some directories =======

 

2015-02-20 20:31 - 2015-05-29 23:19 - 000000127 _____ () C:\Users\User Account\AppData\Roaming\WB.CFG

2015-02-20 19:39 - 2015-02-20 19:39 - 000000088 _____ () C:\Users\User Account\AppData\Local\3b4ed08360f69378a008d7560300e9e2

2015-02-26 12:52 - 2015-02-26 12:52 - 000000010 _____ () C:\Users\User Account\AppData\Local\DSI.DAT

2017-06-12 00:32 - 2017-06-12 00:32 - 000001565 _____ () C:\Users\User Account\AppData\Local\recently-used.xbel

2017-11-01 12:29 - 2017-11-01 12:29 - 000000017 _____ () C:\Users\User Account\AppData\Local\resmon.resmoncfg

2015-06-18 17:34 - 2015-06-18 18:10 - 000000518 _____ () C:\ProgramData\dleescan.log

2011-04-28 12:37 - 2011-06-24 19:57 - 000000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

 

Some files in TEMP:

====================

2012-04-26 18:10 - 2012-04-26 18:10 - 000000000 _____ () C:\Users\*******\AppData\Local\Temp\haidctqk.dll

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\SysWOW64\wininit.exe => File is digitally signed

C:\windows\explorer.exe => File is digitally signed

C:\windows\SysWOW64\explorer.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\SysWOW64\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\SysWOW64\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\SysWOW64\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\dnsapi.dll => File is digitally signed

C:\windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-11-03 20:00

 

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017

Ran by User Account (05-11-2017 19:33:14)

Running from C:\Users\User Account\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2011-06-25 02:02:48)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-841750178-498971265-2751758377-500 - Administrator - Disabled)

Guest (S-1-5-21-841750178-498971265-2751758377-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-841750178-498971265-2751758377-1004 - Limited - Enabled)

******* (S-1-5-21-841750178-498971265-2751758377-1000 - Administrator - Enabled) => C:\Users\*******

User Account (S-1-5-21-841750178-498971265-2751758377-1003 - Administrator - Enabled) => C:\Users\User Account

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}

AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)

Adobe Reader 9.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)

Bing Bar Platform (HKLM-x32\...\{77C4850C-3592-4A2F-B652-ACB77A1EF77C}) (Version: 6.0.2282.0 - Microsoft Corporation) Hidden

Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )

Brother HL-2040 (HKLM-x32\...\{6DA0C7EF-E4FC-4BDA-A8BA-BA0308DFF30C}) (Version: 1.00 - Brother)

Brother HL-2140 (HKLM-x32\...\{904AC23C-6F8C-482A-84CA-4A6C23ADC0CB}) (Version: 1.00 - Brother)

Cakewalk Pyro 2003 (HKLM-x32\...\Cakewalk Pyro 2003) (Version:  - )

Citrix Presentation Server Client (HKLM-x32\...\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}) (Version: 10.200.2650 - Citrix Systems, Inc.)

CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 6.00.6000 - CompanionLink Software, Inc.)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.130.0.60 - Conexant)

Corel Update Manager (HKLM\...\{9E1EE683-0C7B-46E7-83EC-1F5A1D8F2296}) (Version: 2.3.170 - Corel corporation) Hidden

CorelDRAW Graphics Suite 2017 - Capture (x64) (HKLM\...\{AC9BB7B7-A763-43C5-9830-F3B78FDB051D}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Common (x64) (HKLM\...\{B8C51F00-63AE-4327-A533-375CB7B6BF26}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Connect (x64) (HKLM\...\{BD0F92AD-DFDB-4BC5-BAA5-FB27892F9483}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Custom Data (x64) (HKLM\...\{E7975CC5-05E4-45E3-AFD3-234809F694A0}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Draw (x64) (HKLM\...\{A16C7EEB-69CB-42A1-AD10-0E19A133D957}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - EN (x64) (HKLM\...\{DB9ECE8C-5065-4388-B70D-D137A2C03152}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Filters (x64) (HKLM\...\{EEC42BAD-9517-450D-AF99-FA3C16D0377C}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Font Manager (x64) (HKLM\...\{D276DE88-654E-4738-A736-6E18D12F0C34}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - IPM Content EN (x64) (HKLM\...\{D8295DBF-AFAE-4954-98E0-B07DF1853A64}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - IPM T (x64) (HKLM\...\{904B10A6-0D9C-4645-9C61-504FA92B9220}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - PHOTO-PAINT (x64) (HKLM\...\{B2D66383-4F98-4108-B6A3-F9CF8715875C}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Redist (x64) (HKLM\...\{47865C60-4ED8-4678-B23F-C2D1C2DDC09C}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Setup Files (x64) (HKLM\...\{07B49D5C-2AB6-4D40-8A9B-BEDA6021A7C7}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - VBA (x64) (HKLM\...\{5330DEB9-A612-4679-ACC1-D3D9C6190824}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - VideoBrowser (x64) (HKLM\...\{C451F155-26B7-48F2-8A8F-9428B4D479D2}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Workspaces (x64) (HKLM\...\{F3EFAF0E-DF3C-4384-8A0F-90D79FEFD7F5}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Writing Tools (x64) (HKLM\...\{E38357D4-1B80-400F-A6D7-B4D5DD83D979}) (Version: 19.0 -  Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 (HKLM\...\{79C52519-B717-45C2-8845-E55419A8E685}) (Version: 19.0 - Corel Corporation) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.3030 - CyberLink Corp.)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

eMachineShop version 1.916 (HKLM-x32\...\eMachineShop_is1) (Version: 1.916 - )

Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.8 - Lenovo)

FileZilla Client 3.25.2 (HKU\S-1-5-21-841750178-498971265-2751758377-1003\...\FileZilla Client) (Version: 3.25.2 - Tim Kosse)

GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)

GDR 4042 for SQL Server 2008 R2 (KB3045313) (64-bit) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)

Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden

GoldMine (HKLM-x32\...\{BF044A7B-D58D-4F39-AEF5-38585C61E2C3}) (Version: 2013.1.0.298 - FrontRange Solutions USA)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)

Jasc Paint Shop Photo Album (HKLM-x32\...\{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}) (Version: 4.0.1 - Jasc Software, Inc.)

join.me (HKU\S-1-5-21-841750178-498971265-2751758377-1003\...\JoinMe) (Version: 3.2.1.5223 - LogMeIn, Inc.)

Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lenovo DirectShare (HKLM-x32\...\{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft) Hidden

Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)

Lenovo EasyCamera (HKLM-x32\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.21 - Lenovo EasyCamera)

Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.) Hidden

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)

Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )

Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{B2213E4E-F502-4D36-BE95-9293C866EF3F}) (Version: 10.52.4042.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)

Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

Olympus Digital Wave Player (HKLM-x32\...\{FB91E774-867B-4567-ACE7-8144EF036068}) (Version:  - )

Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)

ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)

QuickBooks (HKLM-x32\...\{1D70AABC-CB59-4700-A708-EA56D1CA07B0}) (Version: 21.0.4003.904 - Intuit Inc.) Hidden

QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4003.904 - Intuit Inc.)

QuickBooks Pro Edition 2004 (HKLM-x32\...\{2b02f822-a9b9-458c-80e5-3ea8c0de8471}) (Version:  - )

QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)

Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)

SQL Server 2008 R2 SP2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Full text search (HKLM\...\{A7E4E7DD-2099-4D58-AE31-6E0F663066DD}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Management Studio (HKLM\...\{51E5BC99-A087-4CFF-8D93-462903EA7E12}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Management Studio (HKLM\...\{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden

SQLBackupAndFTP (HKLM-x32\...\SQLBackupAndFTP) (Version:  - )

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.25.0 - Synaptics Incorporated)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)

VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.0.1211 - Lenovo)

Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)

Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0) (HKLM\...\75BD84FDFF77342C2A347F729669CBD84CE11B04) (Version: 09/29/2009 2.0.0.0 - OLYMPUS IMAGING CORP.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\CLSID\{8C04F392-3971-4B7C-9A1E-EE4792A722F5}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll => No File

ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2011-04-28] ()

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers3: [IkeyShlExt] -> {F1E551D1-822B-40e6-B4D8-A9B4A48AA07A} => C:\windows\system32\SimpleExt.dll [2011-04-28] ()

ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-03-31] (Intel Corporation)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {37ABADE2-2C96-44FF-B09D-859F43847AB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)

Task: {7403344A-5744-4D8A-9047-C4C899C47CB3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

Task: {8208CB83-A5E7-4321-A8A1-31C010525B0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)

Task: {907F6815-7C67-44AA-9226-FD4495573D4C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)

Task: {9B4582DC-0186-4294-9A22-7344967E76C5} - System32\Tasks\{F5B58BE7-9D6D-4A4F-B8EF-213E1CAE127A} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.24.0.104/en/abandoninstall?source=lightinstaller&page=tsMain

Task: {AC9D3394-0F17-4086-A654-EF3DE9C43BB6} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe

Task: {D1C6231D-4C9D-43E9-9EE6-CC9AA602F166} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {D9FD6F88-BB4A-48C9-815C-A33FB067F933} - System32\Tasks\{0F53CEF4-98B9-46BB-BE05-C7A0C119F028} => C:\windows\system32\pcalua.exe -a G:\NTI\Setup.exe -d G:\NTI

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-06-18 17:41 - 2009-11-04 12:18 - 000189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleedrpp.dll

2017-01-13 12:56 - 2017-01-13 12:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2017-01-13 12:56 - 2017-01-13 12:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-04-28 12:44 - 2011-04-28 12:44 - 001502720 _____ () C:\windows\system32\IcnOvrly.dll

2017-04-30 05:19 - 2017-04-30 05:19 - 000052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2017-09-26 21:50 - 2017-09-21 01:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll

2017-09-26 21:50 - 2017-09-21 01:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll

2017-09-30 19:24 - 2017-09-30 19:24 - 000170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a1c366bd9a6dd80d5b3c4d759fdf9a0a\IsdiInterop.ni.dll

2011-04-28 12:02 - 2010-03-03 14:08 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000268064 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000020256 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll

2005-07-19 23:18 - 2005-07-19 23:18 - 000059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000337184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000124704 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000175904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000041248 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000068896 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetBridge.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000092448 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetInterop.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000057120 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\htmlhelper.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2017-08-04 12:29 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-841750178-498971265-2751758377-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.5.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 2.lnk => C:\windows\pss\Device Detector 2.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\windows\pss\Intuit Data Protect.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BrStsWnd => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

MSCONFIG\startupreg: Chromium => c:\users\user account\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session

MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe

MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

MSCONFIG\startupreg: OnekeyStudio => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize --restore-last-session

MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{FCF5E484-5030-45AC-BB6A-45053FBDA306}] => (Allow) C:\Users\User Account\AppData\Local\iLivid\iLivid.exe

FirewallRules: [{D92E2B90-70BF-41BF-B0C9-7A8147B7C633}] => (Allow) C:\Users\User Account\AppData\Local\iLivid\iLivid.exe

FirewallRules: [{DD599FD8-F1A7-4B8B-8B99-254AF00DF254}] => (Allow) C:\Users\User Account\AppData\Local\iLivid\iLivid.exe

FirewallRules: [{8F3E0945-A1B6-4148-B1D1-8180686DCCCB}] => (Allow) C:\Users\User Account\AppData\Local\iLivid\iLivid.exe

FirewallRules: [{9DB9EA98-46FA-4D6A-B5BA-F1DEFE304D6F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{78AFA655-9E15-4741-932E-A9415B96F1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{F3BC9877-37F1-424F-82BD-607E60A4E492}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{BD87AEAD-C5DC-4419-A8A0-9D841BD7FD92}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{C003C618-80BC-4BAA-BB60-FE9D88FE45D0}] => (Allow) C:\windows\system32\dleecoms.exe

FirewallRules: [TCP Query User{5BE7E736-6AA6-41DB-9DCB-8B1151230376}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe

FirewallRules: [UDP Query User{3DA29734-E55E-49D1-94F2-33164E30386A}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe

FirewallRules: [{18C28282-1877-4078-B5BA-5E5B13F532BC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{2CD41C4C-01EE-4D3F-BB4C-B7266324DBFD}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe

FirewallRules: [UDP Query User{DA761CB4-7F10-407A-B66A-17CB6CF4EE3D}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe

FirewallRules: [{6EE8E1E0-3291-4B37-98DE-85C5A6B37219}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A831DFC3-1AB8-4576-941C-22FCE00E3BD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{B3582B47-AE33-41E2-BECB-8367E8D51483}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{88415435-5378-4A96-86F0-69769CDE837D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{93956DBC-42B3-4BEF-8F24-5EBDD110B19A}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{0F412A46-445D-4E79-BD02-E38E39DF7996}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2017\Programs64\CorelDrw.exe

FirewallRules: [{526DED6B-F016-4D59-BAC0-DEF17F45B04F}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2017\Programs64\CorelPP.exe

FirewallRules: [{75F4969A-C1FD-46B0-BA68-A8E98C2EB9FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

01-11-2017 12:58:17 Removed Microsoft Office Home and Student 2010

02-11-2017 11:49:31 Installed Microsoft Office Basic Edition 2003

03-11-2017 09:29:57 Windows Update

04-11-2017 08:42:52 Windows Update

04-11-2017 18:53:29 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event Log errors: =========================

 

Application errors:

==================

Error: (11/05/2017 06:40:56 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro 2011":

DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

 

Error: (11/05/2017 06:40:56 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro 2011":

Connection String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Users\User Account\Desktop\The ***nt *********** Company, LLC2011.qbw;ENG=QB_data_engine_21;DBN=5417337a2716455886641d3cef181c15

 

Error: (11/05/2017 06:40:56 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro 2011":

Connection Error:Invalid user ID or password

 

Error: (11/05/2017 06:40:07 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (11/05/2017 06:40:07 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (11/05/2017 06:40:07 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (11/05/2017 04:18:40 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (11/05/2017 04:06:03 PM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.

Invalid Xml syntax.

 

Error: (11/05/2017 04:03:28 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Stream product id=0x0066): Streaming Failed

 

Error: (11/05/2017 04:02:31 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Too many failures while down**ading ranges: 2

 

 

System errors:

=============

Error: (11/05/2017 06:07:08 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 06:07:01 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 06:06:53 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 06:06:46 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 06:06:38 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 06:06:31 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 06:06:23 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 06:06:16 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 06:06:08 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad b**ck.

 

Error: (11/05/2017 03:58:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%17058.

 

 

CodeIntegrity:

===================================

  Date: 2017-09-29 20:35:17.878

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-15 18:37:15.751

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-04 23:25:55.275

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-12-22 00:54:36.298

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 12:12:54.007

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 12:12:54.002

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 12:12:05.113

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-23 20:30:18.198

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-23 20:29:06.817

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-21 12:17:17.018

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz

Percentage of memory in use: 48%

Total physical RAM: 3894.85 MB

Available physical RAM: 2007.36 MB

Total Virtual: 7787.89 MB

Available Virtual: 5599.37 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:254.14 GB) (Free:28.24 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.46 GB) NTFS

Drive f: (OFFICE11) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 306370D0)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

 

==================== End of Addition.txt ============================





#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,999 posts
  • Gender:Male
  • Local time:07:59 AM

Posted 06 November 2017 - 03:12 PM

Hi mybcun,

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#3 mybcun

mybcun
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:59 AM

Posted 06 November 2017 - 04:04 PM

Thank you in advance, polskamachina!!!



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,999 posts
  • Gender:Male
  • Local time:07:59 AM

Posted 06 November 2017 - 07:02 PM

You are quite welcome. :)

 

polskamachina



#5 polskamachina

polskamachina

  • Malware Response Team
  • 3,999 posts
  • Gender:Male
  • Local time:07:59 AM

Posted 08 November 2017 - 04:38 PM

Hi mybcun :)
 
Thanks for waiting.
 
You said:

Some of my programs aren't working. For example, I can't even open my Goldmine database program.

Can you please give me a complete list of programs which are not working? When you try to launch them, do you get any response at all? Please be as detailed as possible in describing your difficulties when opening a program.

Next:

I noticed you replaced the username in your logs with asterisks. This is fine with me but I think you have inadvertently affected other parts of the log which display words with the letters "LO." For example, the word download is displayed as "down**ad." Since the asterisks have a specific meaning in computer language, would you please run FRST64 again and paste the logs "as is" except for your username? I would like to suggest instead of using asterisks to replace the characters in your name that you use a pseudonym such as John Doe or some other easily recognizable name.

Next:

I would like you to install Malwarebytes Anti-Malware. The directions below may not match exactly the layout of the diagrams but they are close enough so that you should be able to follow them. Let me know if you have any questions.
  • Click here and download Malwarebytes Anti-Malware version 3.2.2.2029
  • Once downloaded, close all programs and Windows on your computer, including this one.
  • Double-click on the icon on your desktop named mb3-setup-1878.1878-3.2.2.2029.exe
  • When the installation begins, keep following the prompts in order to continue with the installation process
  • Do not make any changes to the default settings and when the program has finished installing, make sure you leave Launch Malwarebytes Anti-Malware checked. Then click on the Finish button. If MalwareBytes prompts you to reboot, please do not do so at this time
  • MBAM will now start and you will be at the main screen as shown below

[screenshot: malwarebytes.jpg]

  • We now need to enable rootkit scanning to detect the largest amount of malware and unwanted programs that is possible with MalwareBytes. To do this, click on the Settings button on the left side of the screen and you will be brought to the general settings section
  • Now click on the Protection tab at the top of the screen. You will now be shown the settings MalwareBytes will use when scanning your computer

[screenshot: protection-settings.jpg]

  • At this screen, please enable the Scan for rootkits setting by clicking on the toggle switch so it turns green
  • Now that you have enabled rootkit scanning, click on the Scan button to go to the scan screen

[screenshot: scan-screen.jpg]

  • Make sure Threat Scan is selected and then click on the Start Scan button. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you do something else and periodically check on the status of the scan to see when it is finished

[screenshot: scanning.jpg]

  • When MBAM is finished scanning it will display a screen that displays any malware, adware, or potentially unwanted programs that it has detected. Please note that the items found may be different than what is shown in the image below due to the guide being updated for newer versions of MBAM

[screenshot: scan-results.jpg]

  • You should now click on the Quarantine Selected button to remove all the selected items
  • MBAM will now delete all of the files and registry keys and add them to the program's quarantine
  • When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so
  • When the computer has finished restarting, open MBAM, click on Reports, and copy and paste the latest scan report into your next reply to me
In summary I will need from you:
  • FRST.txt (with pseudonym inserted if desired)
  • Addition.txt (with pseudonym inserted if desired)
  • MBAM log
  • How is your computer performing now?
Let me know if you have any questions.

polskamachina

#6 polskamachina

polskamachina

  • Malware Response Team
  • 3,999 posts
  • Gender:Male
  • Local time:07:59 AM

Posted 11 November 2017 - 05:55 PM

Hi mybcun :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#7 mybcun

mybcun
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:59 AM

Posted 12 November 2017 - 03:00 PM

Hello Polskamachina,

 

Here are the first two logs you requested.  I'll get the other information you requested later as soon as I can.  Thanks again, Polskamachina!!!

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03

Ran by User Account (12-11-2017 13:44:11)

Running from C:\Users\User Account\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2011-06-25 02:02:48)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-841750178-498971265-2751758377-500 - Administrator - Disabled)

Guest (S-1-5-21-841750178-498971265-2751758377-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-841750178-498971265-2751758377-1004 - Limited - Enabled)

Jane (S-1-5-21-841750178-498971265-2751758377-1000 - Administrator - Enabled) => C:\Users\Jane

User Account (S-1-5-21-841750178-498971265-2751758377-1003 - Administrator - Enabled) => C:\Users\User Account

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}

AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)

Adobe Reader 9.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)

Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)

Bing Bar Platform (HKLM-x32\...\{77C4850C-3592-4A2F-B652-ACB77A1EF77C}) (Version: 6.0.2282.0 - Microsoft Corporation) Hidden

Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )

Brother HL-2040 (HKLM-x32\...\{6DA0C7EF-E4FC-4BDA-A8BA-BA0308DFF30C}) (Version: 1.00 - Brother)

Brother HL-2140 (HKLM-x32\...\{904AC23C-6F8C-482A-84CA-4A6C23ADC0CB}) (Version: 1.00 - Brother)

Cakewalk Pyro 2003 (HKLM-x32\...\Cakewalk Pyro 2003) (Version:  - )

Citrix Presentation Server Client (HKLM-x32\...\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}) (Version: 10.200.2650 - Citrix Systems, Inc.)

CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 6.00.6000 - CompanionLink Software, Inc.)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.130.0.60 - Conexant)

Corel Update Manager (HKLM\...\{9E1EE683-0C7B-46E7-83EC-1F5A1D8F2296}) (Version: 2.3.170 - Corel corporation) Hidden

CorelDRAW Graphics Suite 2017 - Capture (x64) (HKLM\...\{AC9BB7B7-A763-43C5-9830-F3B78FDB051D}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Common (x64) (HKLM\...\{B8C51F00-63AE-4327-A533-375CB7B6BF26}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Connect (x64) (HKLM\...\{BD0F92AD-DFDB-4BC5-BAA5-FB27892F9483}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Custom Data (x64) (HKLM\...\{E7975CC5-05E4-45E3-AFD3-234809F694A0}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Draw (x64) (HKLM\...\{A16C7EEB-69CB-42A1-AD10-0E19A133D957}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - EN (x64) (HKLM\...\{DB9ECE8C-5065-4388-B70D-D137A2C03152}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Filters (x64) (HKLM\...\{EEC42BAD-9517-450D-AF99-FA3C16D0377C}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Font Manager (x64) (HKLM\...\{D276DE88-654E-4738-A736-6E18D12F0C34}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - IPM Content EN (x64) (HKLM\...\{D8295DBF-AFAE-4954-98E0-B07DF1853A64}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - IPM T (x64) (HKLM\...\{904B10A6-0D9C-4645-9C61-504FA92B9220}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - PHOTO-PAINT (x64) (HKLM\...\{B2D66383-4F98-4108-B6A3-F9CF8715875C}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Redist (x64) (HKLM\...\{47865C60-4ED8-4678-B23F-C2D1C2DDC09C}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Setup Files (x64) (HKLM\...\{07B49D5C-2AB6-4D40-8A9B-BEDA6021A7C7}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - VBA (x64) (HKLM\...\{5330DEB9-A612-4679-ACC1-D3D9C6190824}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - VideoBrowser (x64) (HKLM\...\{C451F155-26B7-48F2-8A8F-9428B4D479D2}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Workspaces (x64) (HKLM\...\{F3EFAF0E-DF3C-4384-8A0F-90D79FEFD7F5}) (Version: 19.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 - Writing Tools (x64) (HKLM\...\{E38357D4-1B80-400F-A6D7-B4D5DD83D979}) (Version: 19.0 -  Corel Corporation) Hidden

CorelDRAW Graphics Suite 2017 (HKLM\...\{79C52519-B717-45C2-8845-E55419A8E685}) (Version: 19.0 - Corel Corporation) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.3030 - CyberLink Corp.)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

eMachineShop version 1.916 (HKLM-x32\...\eMachineShop_is1) (Version: 1.916 - )

Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.8 - Lenovo)

FileZilla Client 3.25.2 (HKU\S-1-5-21-841750178-498971265-2751758377-1003\...\FileZilla Client) (Version: 3.25.2 - Tim Kosse)

GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)

GDR 4042 for SQL Server 2008 R2 (KB3045313) (64-bit) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)

Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden

GoldMine (HKLM-x32\...\{BF044A7B-D58D-4F39-AEF5-38585C61E2C3}) (Version: 2013.1.0.298 - FrontRange Solutions USA)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)

Jasc Paint Shop Photo Album (HKLM-x32\...\{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}) (Version: 4.0.1 - Jasc Software, Inc.)

join.me (HKU\S-1-5-21-841750178-498971265-2751758377-1003\...\JoinMe) (Version: 3.2.1.5223 - LogMeIn, Inc.)

Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lenovo DirectShare (HKLM-x32\...\{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft) Hidden

Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)

Lenovo EasyCamera (HKLM-x32\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.21 - Lenovo EasyCamera)

Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.) Hidden

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)

Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )

Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{B2213E4E-F502-4D36-BE95-9293C866EF3F}) (Version: 10.52.4042.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)

Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

Olympus Digital Wave Player (HKLM-x32\...\{FB91E774-867B-4567-ACE7-8144EF036068}) (Version:  - )

Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)

ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)

QuickBooks (HKLM-x32\...\{1D70AABC-CB59-4700-A708-EA56D1CA07B0}) (Version: 21.0.4003.904 - Intuit Inc.) Hidden

QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4003.904 - Intuit Inc.)

QuickBooks Pro Edition 2004 (HKLM-x32\...\{2b02f822-a9b9-458c-80e5-3ea8c0de8471}) (Version:  - )

QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)

Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)

SQL Server 2008 R2 SP2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Full text search (HKLM\...\{A7E4E7DD-2099-4D58-AE31-6E0F663066DD}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Management Studio (HKLM\...\{51E5BC99-A087-4CFF-8D93-462903EA7E12}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Management Studio (HKLM\...\{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden

SQLBackupAndFTP (HKLM-x32\...\SQLBackupAndFTP) (Version:  - )

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.25.0 - Synaptics Incorporated)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)

VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.0.1211 - Lenovo)

Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)

Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0) (HKLM\...\75BD84FDFF77342C2A347F729669CBD84CE11B04) (Version: 09/29/2009 2.0.0.0 - OLYMPUS IMAGING CORP.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\CLSID\{8C04F392-3971-4B7C-9A1E-EE4792A722F5}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll => No File

ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2011-04-28] ()

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers3: [IkeyShlExt] -> {F1E551D1-822B-40e6-B4D8-A9B4A48AA07A} => C:\windows\system32\SimpleExt.dll [2011-04-28] ()

ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-03-31] (Intel Corporation)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {1245E66B-9D3D-4849-9617-7A636B9519C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)

Task: {37ABADE2-2C96-44FF-B09D-859F43847AB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)

Task: {8208CB83-A5E7-4321-A8A1-31C010525B0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)

Task: {907F6815-7C67-44AA-9226-FD4495573D4C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)

Task: {9B4582DC-0186-4294-9A22-7344967E76C5} - System32\Tasks\{F5B58BE7-9D6D-4A4F-B8EF-213E1CAE127A} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.24.0.104/en/abandoninstall?source=lightinstaller&page=tsMain

Task: {AC9D3394-0F17-4086-A654-EF3DE9C43BB6} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe

Task: {D2A5F037-FF72-46D1-88B5-C24B0F9F4CA7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

Task: {D9FD6F88-BB4A-48C9-815C-A33FB067F933} - System32\Tasks\{0F53CEF4-98B9-46BB-BE05-C7A0C119F028} => C:\windows\system32\pcalua.exe -a G:\NTI\Setup.exe -d G:\NTI

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-06-18 17:41 - 2009-11-04 12:18 - 000189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleedrpp.dll

2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-01-13 12:56 - 2017-01-13 12:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2011-04-28 12:44 - 2011-04-28 12:44 - 001502720 _____ () C:\windows\system32\IcnOvrly.dll

2017-04-30 05:19 - 2017-04-30 05:19 - 000052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll

2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll

2017-11-07 15:41 - 2017-11-05 03:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll

2017-11-07 15:41 - 2017-11-05 03:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll

2017-10-20 15:20 - 2017-10-20 15:20 - 000235832 _____ () C:\Program Files\iTunes\libxslt.dll

2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2017-01-13 12:56 - 2017-01-13 12:56 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2017-09-30 19:24 - 2017-09-30 19:24 - 000170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a1c366bd9a6dd80d5b3c4d759fdf9a0a\IsdiInterop.ni.dll

2011-04-28 12:02 - 2010-03-03 14:08 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000268064 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000020256 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll

2005-07-19 23:18 - 2005-07-19 23:18 - 000059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000337184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000124704 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000175904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000041248 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000068896 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetBridge.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000092448 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetInterop.dll

2010-09-30 17:51 - 2010-09-30 17:51 - 000057120 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\htmlhelper.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2017-08-04 12:29 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-841750178-498971265-2751758377-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.5.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 2.lnk => C:\windows\pss\Device Detector 2.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\windows\pss\Intuit Data Protect.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BrStsWnd => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

MSCONFIG\startupreg: Chromium => c:\users\user account\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session

MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe

MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

MSCONFIG\startupreg: OnekeyStudio => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize --restore-last-session

MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{FCF5E484-5030-45AC-BB6A-45053FBDA306}] => (Allow) C:\Users\User Account\AppData\Local\iLivid\iLivid.exe

FirewallRules: [{D92E2B90-70BF-41BF-B0C9-7A8147B7C633}] => (Allow) C:\Users\User Account\AppData\Local\iLivid\iLivid.exe

FirewallRules: [{DD599FD8-F1A7-4B8B-8B99-254AF00DF254}] => (Allow) C:\Users\User Account\AppData\Local\iLivid\iLivid.exe

FirewallRules: [{8F3E0945-A1B6-4148-B1D1-8180686DCCCB}] => (Allow) C:\Users\User Account\AppData\Local\iLivid\iLivid.exe

FirewallRules: [{9DB9EA98-46FA-4D6A-B5BA-F1DEFE304D6F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{78AFA655-9E15-4741-932E-A9415B96F1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{F3BC9877-37F1-424F-82BD-607E60A4E492}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{BD87AEAD-C5DC-4419-A8A0-9D841BD7FD92}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{C003C618-80BC-4BAA-BB60-FE9D88FE45D0}] => (Allow) C:\windows\system32\dleecoms.exe

FirewallRules: [TCP Query User{5BE7E736-6AA6-41DB-9DCB-8B1151230376}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe

FirewallRules: [UDP Query User{3DA29734-E55E-49D1-94F2-33164E30386A}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe

FirewallRules: [{18C28282-1877-4078-B5BA-5E5B13F532BC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{2CD41C4C-01EE-4D3F-BB4C-B7266324DBFD}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe

FirewallRules: [UDP Query User{DA761CB4-7F10-407A-B66A-17CB6CF4EE3D}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe

FirewallRules: [{6EE8E1E0-3291-4B37-98DE-85C5A6B37219}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A831DFC3-1AB8-4576-941C-22FCE00E3BD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{B3582B47-AE33-41E2-BECB-8367E8D51483}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{88415435-5378-4A96-86F0-69769CDE837D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{0F412A46-445D-4E79-BD02-E38E39DF7996}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2017\Programs64\CorelDrw.exe

FirewallRules: [{526DED6B-F016-4D59-BAC0-DEF17F45B04F}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2017\Programs64\CorelPP.exe

FirewallRules: [{01522CB9-1CDD-4EC9-93A6-E9D371B1C2EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{01BB23E6-FB9E-48FD-9476-EB2F1E0600F1}] => (Allow) C:\Program Files\iTunes\iTunes.exe

 

==================== Restore Points =========================

 

01-11-2017 12:58:17 Removed Microsoft Office Home and Student 2010

02-11-2017 11:49:31 Installed Microsoft Office Basic Edition 2003

03-11-2017 09:29:57 Windows Update

04-11-2017 08:42:52 Windows Update

04-11-2017 18:53:29 Windows Update

07-11-2017 12:59:20 Windows Update

07-11-2017 13:48:05 Windows Update

07-11-2017 15:49:03 Windows Update

10-11-2017 14:18:44 Installed iTunes

11-11-2017 13:20:37 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/12/2017 12:50:27 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (11/12/2017 12:46:20 PM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.

Invalid Xml syntax.

 

Error: (11/12/2017 12:41:18 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (11/12/2017 12:40:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 79910482

 

Error: (11/12/2017 12:40:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 79910482

 

Error: (11/12/2017 12:40:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (11/12/2017 12:40:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 79909484

 

Error: (11/12/2017 12:40:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 79909484

 

Error: (11/12/2017 12:40:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (11/12/2017 12:40:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 79908376

 

System errors:

=============

Error: (11/10/2017 02:57:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (11/10/2017 02:56:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (11/10/2017 02:55:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (11/10/2017 02:54:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Security Center service hung on starting.

 

Error: (11/10/2017 02:54:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (11/10/2017 02:53:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (11/10/2017 02:52:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Intel® Management & Security Application User Notification Service service hung on starting.

 

Error: (11/10/2017 02:50:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Function Discovery Resource Publication service hung on starting.

 

Error: (11/10/2017 02:43:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

 

Error: (11/10/2017 02:43:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%17058.

 

CodeIntegrity:

===================================

  Date: 2017-09-29 20:35:17.878

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-15 18:37:15.751

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-04 23:25:55.275

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-12-22 00:54:36.298

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 12:12:54.007

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 12:12:54.002

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 12:12:05.113

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-23 20:30:18.198

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-23 20:29:06.817

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-21 12:17:17.018

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

==================== Memory info ===========================

 

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz

Percentage of memory in use: 73%

Total physical RAM: 3894.85 MB

Available physical RAM: 1039.86 MB

Total Virtual: 7787.89 MB

Available Virtual: 3955.45 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:254.14 GB) (Free:7.47 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.36 GB) NTFS

Drive f: (OFFICE11) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 306370D0)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

 

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03

Ran by User Account (administrator) on LENOVA (12-11-2017 13:43:24)

Running from C:\Users\User Account\Downloads

Loaded Profiles: User Account (Available Profiles: Jane & User Account)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

( ) C:\Windows\System32\dleecoms.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE

(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBHelp.exe

(Apple Inc.) C:\Program Files\iTunes\iTunes.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-841750178-498971265-2751758377-1003\...\MountPoints2: {f68c4ecb-71c1-11e0-83bc-806e6f6e6963} - F:\SETUP.EXE /AUTORUN

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-22] (Microsoft Corporation)

GroupPolicy: Restriction - Chrome <==== ATTENTION

GroupPolicy\User: Restriction <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.5.1

Tcpip\..\Interfaces\{A811259D-7D56-47E3-8E32-2D8D5567608E}: [DhcpNameServer] 192.168.5.1

Tcpip\..\Interfaces\{B2DAE0FE-DF5C-4764-8489-2E22C6ABEA71}: [DhcpNameServer] 192.168.5.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDyEtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0FzyyCyByDtBtBtGtCtDtDtBtG0FyDzy0AtGtA0Dzy0EtGzztCtAyCtB0CyC0C0AtDtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEyD1Q1TyD1T1TtGtC1T1TtCtGyE1P1O1PtG1StBtCzztG1Q1OtBzyyB1SyDtC1RzztDtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyDtAtN1Q2Z1B1P1RzutCyDtDtCyBzyzzyEyCyD%26cr%3D1767014744%26a%3Dwbf_ytd_17_31%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDyEtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0FzyyCyByDtBtBtGtCtDtDtBtG0FyDzy0AtGtA0Dzy0EtGzztCtAyCtB0CyC0C0AtDtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEyD1Q1TyD1T1TtGtC1T1TtCtGyE1P1O1PtG1StBtCzztG1Q1OtBzyyB1SyDtC1RzztDtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyDtAtN1Q2Z1B1P1RzutCyDtDtCyBzyzzyEyCyD%26cr%3D1767014744%26a%3Dwbf_ytd_17_31%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =

SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDyEtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0FzyyCyByDtBtBtGtCtDtDtBtG0FyDzy0AtGtA0Dzy0EtGzztCtAyCtB0CyC0C0AtDtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEyD1Q1TyD1T1TtGtC1T1TtCtGyE1P1O1PtG1StBtCzztG1Q1OtBzyyB1SyDtC1RzztDtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyDtAtN1Q2Z1B1P1RzutCyDtDtCyBzyzzyEyCyD%26cr%3D1767014744%26a%3Dwbf_ytd_17_31%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDtCyDtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0DyDyCyBtDtDtGyC0B0FzytGyCtC0EtAtGtAtDyDtAtGzyyB0DzztD0E0BtCzyzytA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0AyEtCtBtA0E0EtGzz0AyC0DtGyE0FtD0CtGzy0D0EtCtGtCzzyCyEzytDyDzyzztBzzzy2QtN0A0LzutB%26cr%3D977900038%26a%3Dwbf_ytd_17_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDtCyDtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0DyDyCyBtDtDtGyC0B0FzytGyCtC0EtAtGtAtDyDtAtGzyyB0DzztD0E0BtCzyzytA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0AyEtCtBtA0E0EtGzz0AyC0DtGyE0FtD0CtGzy0D0EtCtGtCzzyCyEzytDyDzyzztBzzzy2QtN0A0LzutB%26cr%3D977900038%26a%3Dwbf_ytd_17_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDtCyDtN1L2XzutAtFtBzytFtAtFzztAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0DyDyCyBtDtDtGyC0B0FzytGyCtC0EtAtGtAtDyDtAtGzyyB0DzztD0E0BtCzyzytA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0AyEtCtBtA0E0EtGzz0AyC0DtGyE0FtD0CtGzy0D0EtCtGtCzzyCyEzytDyDzyzztBzzzy2QtN0A0LzutB%26cr%3D977900038%26a%3Dwbf_ytd_17_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEtD0BtAyDyC0EtAtCtA0DtN0D0Tzu0StBtDyEtCtN1L2XzuyEtFtCtDtFtDtFyDtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0FzyyCyByDtBtBtGtCtDtDtBtG0FyDzy0AtGtA0Dzy0EtGzztCtAyCtB0CyC0C0AtDtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEyD1Q1TyD1T1TtGtC1T1TtCtGyE1P1O1PtG1StBtCzztG1Q1OtBzyyB1SyDtC1RzztDtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyDtAtN1Q2Z1B1P1RzutCyDtDtCyBzyzzyEyCyD%26cr%3D1767014744%26a%3Dwbf_ytd_17_31%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}

SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =

SearchScopes: HKU\S-1-5-21-841750178-498971265-2751758377-1003 -> {93FA4593-19F7-4A0E-B3E2-4293BF144411} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File

Toolbar: HKLM - FindWide Toolbar - {8C04F392-3971-4B7C-9A1E-EE4792A722F5} - C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll No File

Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File

Toolbar: HKU\S-1-5-21-841750178-498971265-2751758377-1003 -> FindWide Toolbar - {8C04F392-3971-4B7C-9A1E-EE4792A722F5} - C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll No File

DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2016-11-14] (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox => not found

FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-01-19] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2013-01-19] [not signed]

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [No File]

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

 

Chrome:

=======

CHR DefaultSearchURL: Default -> hxxp://search.searchtcn.com/s?remove=remove&query={searchTerms}

CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}

CHR Profile: C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]

CHR Extension: (Slides) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]

CHR Extension: (Docs) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]

CHR Extension: (Google Drive) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-27]

CHR Extension: (YouTube) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-27]

CHR Extension: (Sheets) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]

CHR Extension: (Google Docs Offline) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]

CHR Extension: (Chrome Web Store Payments) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]

CHR Extension: (Tube World) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknbbfglleniifhfokkamioogejffnfc [2017-08-27]

CHR Extension: (Gmail) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-27]

CHR Extension: (Chrome Media Router) - C:\Users\User Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-09]

CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oknbbfglleniifhfokkamioogejffnfc] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)

R2 dlee_device; C:\windows\system32\dleecoms.exe [1052328 2010-05-21] ( )

S2 GearSecurity; C:\Windows\SysWOW64\gearsec.exe [61440 2002-12-16] (GEAR Software) [File not signed]

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)

S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-29] (Microsoft Corporation)

S3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [42168 2015-03-29] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)

R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)

S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-09-30] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-11-14] (Intuit Inc.) [File not signed]

S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 GearAspiWDM; C:\Windows\SysWOW64\drivers\gearaspiwdm.sys [9184 2002-12-16] (GEAR Software) [File not signed]

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)

R1 MpKsl2a4042ff; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{94B38DC9-4F58-4E28-AA1D-8D1CB119AB01}\MpKsl2a4042ff.sys [58120 2017-11-11] (Microsoft Corporation)

R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

S3 RimUsb; C:\windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S4 RsFx0153; C:\windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-29] (Microsoft Corporation)

U3 BcmSqlStartupSvc; no ImagePath

U3 IGRS; no ImagePath

U2 IviRegMgr; no ImagePath

S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

U2 ReadyComm.DirectRouter; no ImagePath

U2 RichVideo; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-11-12 13:12 - 2017-11-12 13:12 - 000000000 ____D C:\Users\User Account\Downloads\FRST-OlderVersion

2017-11-10 15:44 - 2017-11-10 15:48 - 000000000 ____D C:\windows\rescache

2017-11-10 14:33 - 2017-11-10 14:33 - 000001707 _____ C:\Users\Public\Desktop\iTunes.lnk

2017-11-10 14:33 - 2017-11-10 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2017-11-10 14:32 - 2017-11-10 14:33 - 000000000 ____D C:\Program Files\iTunes

2017-11-10 14:18 - 2017-11-10 14:18 - 000000000 ____D C:\windows\System32\Tasks\Apple

2017-11-10 14:18 - 2017-11-10 14:18 - 000000000 ____D C:\Program Files (x86)\Apple Software Update

2017-11-10 13:42 - 2017-11-10 14:11 - 261135176 _____ (Apple Inc.) C:\Users\User Account\Downloads\iTunes64Setup.exe

2017-11-05 19:33 - 2017-11-12 13:18 - 000041910 _____ C:\Users\User Account\Downloads\Addition.txt

2017-11-05 19:29 - 2017-11-12 13:43 - 000021100 _____ C:\Users\User Account\Downloads\FRST.txt

2017-11-05 19:23 - 2017-11-12 13:43 - 000000000 ____D C:\FRST

2017-11-05 19:22 - 2017-11-12 13:12 - 002392576 _____ (Farbar) C:\Users\User Account\Downloads\FRST64.exe

2017-11-04 18:38 - 2017-11-11 14:22 - 000000374 _____ C:\Users\User Account\Desktop\The John Doe Company, LLC2011.qbw.ND

2017-11-04 18:37 - 2017-11-11 14:22 - 000589824 ____R C:\Users\User Account\Desktop\The John Doe Company, LLC2011.QBW.TLG

2017-11-04 12:19 - 2017-11-04 18:52 - 000000000 ____D C:\Users\User Account\AppData\Roaming\SoftGrid Client

2017-11-04 12:19 - 2017-11-04 12:19 - 000000000 ____D C:\Users\User Account\AppData\Local\SoftGrid Client

2017-11-03 20:35 - 2017-11-03 20:39 - 000000000 ____D C:\Users\User Account\Documents\SQL Server Management Studio

2017-11-03 20:12 - 2017-11-03 20:16 - 000000000 ____D C:\GMBU

2017-11-02 11:59 - 2017-11-02 12:00 - 000000376 _____ C:\windows\ODBC.INI

2017-11-02 11:56 - 2017-11-04 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2017-11-02 11:56 - 2017-11-02 11:56 - 000000000 ____D C:\Program Files (x86)\Microsoft ActiveSync

2017-11-02 11:46 - 2017-11-02 11:46 - 000000000 __RHD C:\MSOCache

2017-11-01 12:46 - 2017-11-01 12:49 - 000000000 ____D C:\AdwCleaner

2017-11-01 12:46 - 2017-10-07 11:40 - 008250832 _____ (Malwarebytes) C:\Users\User Account\Desktop\adwcleaner_7.0.3.1.exe

2017-11-01 12:40 - 2017-11-01 12:40 - 000000000 ____D C:\windows\pss

2017-11-01 12:38 - 2017-11-01 12:39 - 000160858 _____ C:\windows\ntbtlog.txt

2017-11-01 12:29 - 2017-11-01 12:29 - 000000017 _____ C:\Users\User Account\AppData\Local\resmon.resmoncfg

2017-10-31 13:11 - 2017-10-31 13:11 - 000000000 ____D C:\Program Files\SQL Server Management Studio

2017-10-30 16:00 - 2017-10-30 16:00 - 126925120 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe

2017-10-27 19:44 - 2017-11-11 14:22 - 032555008 ____R C:\Users\User Account\Desktop\The John Doe Company, LLC2011.qbw

2017-10-25 17:57 - 2017-10-25 17:58 - 005250048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

2017-10-23 14:45 - 2017-10-23 14:45 - 000075159 _____ C:\Users\User Account\Desktop\20171020151640642.pdf

2017-10-21 18:13 - 2017-10-20 15:45 - 000009470 _____ C:\Users\User Account\Desktop\St. Louis Association of Realtors Gala  JOB #9-310988 (revised 10-20-17).pdf

2017-10-21 17:13 - 2017-10-21 17:13 - 000000000 ____D C:\Users\User Account\Documents\Joy Spiegel

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-11-12 13:12 - 2009-07-13 22:45 - 000019520 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-11-12 13:12 - 2009-07-13 22:45 - 000019520 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-11-12 12:44 - 2009-07-13 23:13 - 000877036 _____ C:\windows\system32\PerfStringBackup.INI

2017-11-12 12:44 - 2009-07-13 21:20 - 000000000 ____D C:\windows\inf

2017-11-10 14:41 - 2009-07-13 23:08 - 000000006 ____H C:\windows\Tasks\SA.DAT

2017-11-10 14:33 - 2012-12-25 20:43 - 000000000 ____D C:\Program Files\iPod

2017-11-10 14:18 - 2011-10-22 16:14 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2017-11-10 13:38 - 2016-11-05 11:39 - 000000000 ____D C:\Users\User Account\Desktop\For Other Storage Locations

2017-11-10 13:37 - 2014-02-10 21:40 - 000000000 ____D C:\Users\User Account\AppData\Roaming\vlc

2017-11-07 15:41 - 2016-03-27 18:21 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-07 15:41 - 2016-03-27 18:21 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-04 18:59 - 2009-07-13 20:34 - 000000625 _____ C:\windows\win.ini

2017-11-04 09:05 - 2009-07-13 22:45 - 000475680 _____ C:\windows\system32\FNTCACHE.DAT

2017-11-03 20:48 - 2009-07-13 21:20 - 000000000 ____D C:\windows\registration

2017-11-02 14:55 - 2013-07-02 21:40 - 000136248 _____ C:\Users\User Account\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-02 11:56 - 2011-04-28 12:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2017-11-02 11:56 - 2009-07-29 01:23 - 000000000 ____D C:\windows\ShellNew

2017-11-02 11:46 - 2009-07-13 21:20 - 000000000 ____D C:\windows\system

2017-11-01 13:11 - 2013-07-02 21:40 - 000000000 ____D C:\Users\User Account

2017-11-01 12:37 - 2011-07-04 11:27 - 000000481 _____ C:\windows\Brownie.ini

2017-11-01 12:35 - 2016-06-15 20:20 - 000000000 ____D C:\Users\User Account\AppData\Roaming\Skype

2017-11-01 12:25 - 2011-04-28 12:44 - 000000000 ____D C:\ProgramData\VeriFace

2017-10-31 16:09 - 2014-07-22 14:34 - 000000000 ____D C:\Program Files\Microsoft SQL Server

2017-10-30 16:13 - 2013-08-16 17:35 - 000000000 ____D C:\windows\system32\MRT

2017-10-30 16:00 - 2011-07-06 06:58 - 126925120 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

2017-10-27 19:24 - 2009-07-13 21:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared

2017-10-27 19:23 - 2012-12-25 20:42 - 000000000 ____D C:\Program Files\Common Files\Apple

2017-10-27 19:22 - 2017-03-13 21:34 - 000000000 ____D C:\Program Files\Bonjour

2017-10-27 14:02 - 2017-08-07 19:18 - 000000000 ____D C:\Users\User Account\AppData\Roaming\dvdcss

2017-10-25 18:01 - 2013-10-21 16:04 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2017-10-25 18:00 - 2013-10-21 16:04 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2017-10-25 18:00 - 2013-10-21 16:04 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-10-25 18:00 - 2013-10-21 16:04 - 000000000 ____D C:\windows\system32\Macromed

2017-10-25 17:58 - 2011-04-28 12:48 - 000000000 ____D C:\windows\SysWOW64\Macromed

2017-10-23 13:04 - 2011-07-04 11:29 - 000000426 _____ C:\windows\BRWMARK.INI

2017-10-21 17:16 - 2016-11-12 14:27 - 000000000 ____D C:\Users\User Account\Documents\St. Dominic High School

2017-10-21 17:14 - 2017-10-04 19:30 - 000000000 ____D C:\Users\User Account\Documents\Ballpark Village

2017-10-20 12:27 - 2016-11-12 14:24 - 000000000 ____D C:\Users\User Account\Documents\1WIP

 

==================== Files in the root of some directories =======

 

2015-02-20 20:31 - 2015-05-29 23:19 - 000000127 _____ () C:\Users\User Account\AppData\Roaming\WB.CFG

2015-02-20 19:39 - 2015-02-20 19:39 - 000000088 _____ () C:\Users\User Account\AppData\Local\3b4ed08360f69378a008d7560300e9e2

2015-02-26 12:52 - 2015-02-26 12:52 - 000000010 _____ () C:\Users\User Account\AppData\Local\DSI.DAT

2017-06-12 00:32 - 2017-06-12 00:32 - 000001565 _____ () C:\Users\User Account\AppData\Local\recently-used.xbel

2017-11-01 12:29 - 2017-11-01 12:29 - 000000017 _____ () C:\Users\User Account\AppData\Local\resmon.resmoncfg

2015-06-18 17:34 - 2015-06-18 18:10 - 000000518 _____ () C:\ProgramData\dleescan.log

2011-04-28 12:37 - 2011-06-24 19:57 - 000000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

 

Some files in TEMP:

====================

2012-04-26 18:10 - 2012-04-26 18:10 - 000000000 _____ () C:\Users\Jane\AppData\Local\Temp\haidctqk.dll

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\SysWOW64\wininit.exe => File is digitally signed

C:\windows\explorer.exe => File is digitally signed

C:\windows\SysWOW64\explorer.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\SysWOW64\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\SysWOW64\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\SysWOW64\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\dnsapi.dll => File is digitally signed

C:\windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-11-10 15:37

 

==================== End of FRST.txt ============================



#8 polskamachina

  • Malware Response Team
  • 3,999 posts
  • Gender:Male

Posted 13 November 2017 - 02:34 PM

Hi mybcun :)
 
Good job with the FRST logs. Please do copy and paste your MBAM log as well. Just as important, please reply to my previous inquiry:

Can you please give me a complete list of programs which are not working? When you try to launch them, do you get any response at all? Please be as detailed as possible in describing your difficulties when opening a program.

Also make sure you respond with a new post, do not edit your previous post.
 
In summary I will need from you:

  • MBAM log
  • Details about what is or is not happening when you try to open a program

Let me know if you have any questions.
 
polskamachina



#9 polskamachina

  • Malware Response Team
  • 3,999 posts
  • Gender:Male

Posted 16 November 2017 - 03:40 PM

Hi mybcun :)
 
It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,379 posts
  • Gender:Male
  • Location:California

Posted 18 November 2017 - 08:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#11 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,379 posts
  • Gender:Male
  • Location:California

Posted 20 November 2017 - 08:07 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 mybcun

  • Topic Starter
  • Members
  • 25 posts

Posted 22 November 2017 - 03:20 PM

Polskamachina,

 

Thanks for your patience! Here is my Malwarebytes log:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/13/17
Scan Time: 2:44 PM
Log File: 63f7ae5e-c8b3-11e7-b71b-b870f40b356e.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3247
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lenova\User Account
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410318
Threats Detected: 44
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 36 min, 4 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 25
PUP.Optional.Spigot, HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{93FA4593-19F7-4A0E-B3E2-4293BF144411}, No Action By User, [648], [243431],1.0.3247
PUP.Optional.SafeSearch.ShrtCln, HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, [1888], [248763],1.0.3247
PUP.Optional.SafeSearch.ShrtCln, HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BA1BE292-1D15-488B-934D-008742212380}, No Action By User, [1888], [248763],1.0.3247
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, No Action By User, [528], [183362],1.0.3247
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, No Action By User, [528], [183362],1.0.3247
PUP.Optional.SearchManager, HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, No Action By User, [528], [183362],1.0.3247
PUP.Optional.WinYahoo, HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211D4A5-48D0-47F5-A7CD-81E861470F7F}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211D4A5-48D0-47F5-A7CD-81E861470F7F}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKU\S-1-5-21-841750178-498971265-2751758377-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, [63], [182758],1.0.3247
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update gate snapper, No Action By User, [39], [253987],1.0.3247
PUP.Optional.Yontoo, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, No Action By User, [39], [-1],0.0.0
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, No Action By User, [39], [-1],0.0.0
PUP.Optional.SafeSearch, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{17189BF4-937C-32B1-9FEF-678D99FCD5AC}, No Action By User, [1180], [169252],1.0.3247
PUP.Optional.SafeSearch, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{17189BF4-937C-32B1-9FEF-678D99FCD5AC}, No Action By User, [1180], [169252],1.0.3247
PUP.Optional.SafeSearch, HKLM\SOFTWARE\CLASSES\CLSID\{17189BF4-937C-32B1-9FEF-678D99FCD5AC}, No Action By User, [1180], [169252],1.0.3247
PUP.Optional.SafeSearch, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{424C7C0E-32E9-3F18-B6E0-C88DC2CF309B}, No Action By User, [1180], [169253],1.0.3247
PUP.Optional.SafeSearch, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{424C7C0E-32E9-3F18-B6E0-C88DC2CF309B}, No Action By User, [1180], [169253],1.0.3247
PUP.Optional.SafeSearch, HKLM\SOFTWARE\CLASSES\CLSID\{424C7C0E-32E9-3F18-B6E0-C88DC2CF309B}, No Action By User, [1180], [169253],1.0.3247
 
Registry Value: 11
PUP.Optional.Spigot, HKU\S-1-5-21-841750178-498971265-2751758377-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{93FA4593-19F7-4A0E-B3E2-4293BF144411}|URL, No Action By User, [648], [243431],1.0.3247
PUP.Optional.SafeSearch.ShrtCln, HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FAVICONPATH, No Action By User, [1888], [248763],1.0.3247
PUP.Optional.SafeSearch.ShrtCln, HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FAVICONURLFALLBACK, No Action By User, [1888], [248763],1.0.3247
PUP.Optional.SafeSearch.ShrtCln, HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURLFALLBACK, No Action By User, [1888], [248763],1.0.3247
PUP.Optional.SafeSearch.ShrtCln, HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [1888], [248763],1.0.3247
PUP.Optional.SafeSearch.ShrtCln, HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BA1BE292-1D15-488B-934D-008742212380}|FAVICONURL, No Action By User, [1888], [248763],1.0.3247
PUP.Optional.SafeSearch.ShrtCln, HKU\S-1-5-21-841750178-498971265-2751758377-1003_Classes\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BA1BE292-1D15-488B-934D-008742212380}|URL, No Action By User, [1888], [248763],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}|URL, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}|URL, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [63], [182758],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}|URL, No Action By User, [63], [182758],1.0.3247
 
Registry Data: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [63], [293461],1.0.3247
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [63], [293461],1.0.3247
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 6
PUP.Optional.SearchManager, C:\USERS\USER ACCOUNT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [528], [183362],1.0.3247
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, No Action By User, [39], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\USER ACCOUNT\NTUSER.POL, No Action By User, [39], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\REGISTRY.POL, No Action By User, [39], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, No Action By User, [39], [-1],0.0.0
PUP.Optional.BundleInstaller, C:\USERS\USER ACCOUNT\DOWNLOADS\VLC-2.1.3-WIN32.EXE, No Action By User, [20], [425688],1.0.3247
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#13 polskamachina

polskamachina

  • Malware Response Team
  • 3,999 posts
  • Gender:Male
  • Local time:07:59 AM

Posted 24 November 2017 - 12:29 AM

Hi mybcun,
 
Good job with the MBAM scan. :thumbup2: I would like you to rerun MBAM but this time when the scan has finished, please quarantine all the found objects.
 
Next:
 
I still need to know which programs aren't running. Also, please tell me in detail what is, or what is not happening when you try to open these programs.
 
In summary I will need from you:

  • MBAM log
  • Details about which programs aren't running and what happens after you try to launch them

Let me know if you have any questions.
 
polskamachina



#14 polskamachina

polskamachina

  • Malware Response Team
  • 3,999 posts
  • Gender:Male
  • Local time:07:59 AM

Posted 27 November 2017 - 12:38 AM

Hi mybcun :)
 
It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,379 posts
  • Gender:Male
  • Location:California
  • Local time:07:59 AM

Posted 29 November 2017 - 11:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours, please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
