Possible malware. Limited wireless connectivity.


  • This topic is locked

#1 cpotter

Posted 13 January 2018 - 09:32 AM

I have a laptop with a Killer Wireless N-1202 network adapter.  I'm currently having problems connecting to the internet.  On this laptop:

  • When connected with a wired connection, I can access the internet normally.
  • When connected with a wireless connection, I have only very limited internet connectivity.
  • When trying to connect, I get: "Resolving host".  Ends up ultimately in "This Site Could Not Be Reached".  Server IP address could not be found.
  • If I try to obtain DNS server automatically in IPv6 and IPv4, I can get the google web page, but virtually nothing else.
  • If I try to obtain DNS server automatically in IPv6 and use 8.8.8.8 and 8.8.4.4 for IPv4, I can get google and YouTube websites, but virtually nothing else.

We have several additional computers in the home connected via wireless.  They are functioning normally.  I read that these symptoms can be a result of malware, which is why I'm posting here.  Other than getting help here, I'm at a loss as to what to do next.  Logs below.  Thanks in advance for the help.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.01.2018
Ran by Chad (administrator) on CHAD-LAPTOP (13-01-2018 08:18:25)
Running from C:\Users\Chad\Downloads
Loaded Profiles: Chad & UpdatusUser (Available Profiles: Chad & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(BillP Studios) C:\Program Files (x86)\WinPatrol\WinPatrol.exe
() C:\Users\Chad\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
(Callicia) C:\Program Files (x86)\BirdieSync\BirdieSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Dropbox, Inc.) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Dropbox, Inc.) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
() C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.32\adb.exe
(Dropbox, Inc.) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
() C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.32\adb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871096 2012-07-10] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [181208 2013-04-03] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [533616 2017-02-15] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [324720 2017-02-15] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Qualcomm®Atheros®)
HKU\S-1-5-21-1761084545-470814309-1483654965-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\winpatrol.exe [455744 2013-12-09] (BillP Studios)
HKU\S-1-5-21-1761084545-470814309-1483654965-1003\...\Run: [TouchFreeze] => C:\Users\Chad\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-1761084545-470814309-1483654965-1003\...\Run: [BirdieSync] => C:\Program Files (x86)\BirdieSync\BirdieSync.exe [999424 2015-02-02] (Callicia)
HKU\S-1-5-21-1761084545-470814309-1483654965-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-1761084545-470814309-1483654965-1003\...\Run: [Dropbox Update] => C:\Users\Chad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-21] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-08-24]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{3D0217CA-88BC-42C7-998A-6C598CA624BF}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DishAnywherePlayerShortcut.lnk [2016-10-21]
ShortcutTarget: DishAnywherePlayerShortcut.lnk -> C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (No File)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-01-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2014-10-30]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{0DB97A86-7135-439B-AB7E-01D345F737A1}: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{3FD1069C-EDE7-4296-B920-1E2F280131B6}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1761084545-470814309-1483654965-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1761084545-470814309-1483654965-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
SearchScopes: HKU\S-1-5-21-1761084545-470814309-1483654965-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-12] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: mp4vsqov.default
FF ProfilePath: C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\mp4vsqov.default [2018-01-13]
FF Homepage: Mozilla\Firefox\Profiles\mp4vsqov.default -> hxxps://www.google.com/
FF Extension: (New Tab Homepage) - C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\mp4vsqov.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-11-02] [Legacy]
FF Extension: (QuickJava) - C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\mp4vsqov.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-11-13] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-01-20] [Legacy] [not signed]
FF HKLM-x32\...\Sunbird\Extensions: [{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}] - C:\Program Files (x86)\BirdieSync\Sunbird Service
FF Extension: (BirdieSync) - C:\Program Files (x86)\BirdieSync\Sunbird Service [2015-03-17] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}] - C:\Program Files (x86)\BirdieSync\Thunderbird Service
FF Extension: (BirdieSync) - C:\Program Files (x86)\BirdieSync\Thunderbird Service [2015-03-17] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VLC\npvlc.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-02-15] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default [2018-01-13]
CHR Extension: (Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-21]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-21]
CHR Extension: (Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [247768 2013-04-03] (CyberLink)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-24] (Qualcomm Atheros) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [4057808 2013-09-04] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23312 2013-01-22] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2013-01-22] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-03-06] (Intel Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-05-16] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-09-05] (Atheros)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-05] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-13] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-11-21] (NVIDIA Corporation)
S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [24888 2012-07-10] (Synaptics Incorporated)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [24888 2012-07-10] (Synaptics Incorporated)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 iscFlash; \??\C:\Users\Chad\AppData\Local\Temp\7zSB634.tmp\iscflashx64.sys [X] <==== ATTENTION
S1 MpKsl5f589d61; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{46F7B2F7-8AC5-4D60-8986-3293D571C467}\MpKsl5f589d61.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-13 08:18 - 2018-01-13 08:19 - 000030895 _____ C:\Users\Chad\Downloads\FRST.txt
2018-01-13 08:17 - 2018-01-13 08:18 - 000000000 ____D C:\FRST
2018-01-13 08:17 - 2018-01-13 08:17 - 002393088 _____ (Farbar) C:\Users\Chad\Downloads\FRST64.exe
2018-01-13 08:02 - 2018-01-13 08:02 - 000000000 ___RD C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-01-13 07:56 - 2018-01-13 07:56 - 000013292 _____ C:\Users\Chad\Downloads\DEC 2017 (1).xlsx
2018-01-13 07:54 - 2018-01-13 07:54 - 000013201 _____ C:\Users\Chad\Downloads\DEC 2017.xlsx
2018-01-12 09:28 - 2018-01-12 09:28 - 000374576 _____ C:\Users\Chad\Downloads\MyDISHBill_01-10-18.pdf
2018-01-11 16:36 - 2018-01-11 16:36 - 000363406 _____ C:\Users\Chad\Downloads\Statement_012018_5946.pdf
2018-01-11 16:23 - 2018-01-11 16:23 - 000014378 _____ C:\Users\Chad\Downloads\Discover-Last12Months-20180111.pdf
2018-01-11 16:23 - 2018-01-11 16:23 - 000009899 _____ C:\Users\Chad\Downloads\Discover-AccountActivity-20171227.pdf
2018-01-11 16:22 - 2018-01-11 16:22 - 000007714 _____ C:\Users\Chad\Downloads\Discover-RecentActivity-20180111.pdf
2018-01-11 12:32 - 2018-01-11 12:32 - 000000000 ____D C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-10 10:08 - 2018-01-10 10:08 - 000016150 _____ C:\Users\Chad\Downloads\2018-01-10_transaction_download.ofx
2018-01-10 09:24 - 2018-01-10 09:24 - 000007557 _____ C:\Users\Chad\Downloads\Discover-RecentActivity-20180110.pdf
2018-01-10 09:10 - 2018-01-10 09:10 - 000030065 _____ C:\Users\Chad\Downloads\CMH 457b enroll (3).pdf
2018-01-07 18:19 - 2018-01-07 18:19 - 002299218 _____ C:\Users\Chad\Desktop\2018 MO W-4.pdf
2018-01-06 08:59 - 2018-01-06 08:59 - 003704837 _____ C:\Users\Chad\Downloads\CMH 2017 W-4 AND MO W-4.pdf
2018-01-05 08:41 - 2017-12-31 20:21 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-05 08:41 - 2017-12-31 20:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-05 08:41 - 2017-12-31 20:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-05 08:41 - 2017-12-31 20:21 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-05 08:41 - 2017-12-31 20:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-05 08:41 - 2017-12-31 20:21 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-05 08:41 - 2017-12-31 20:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-05 08:41 - 2017-12-31 20:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-01-05 08:41 - 2017-12-31 20:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-01-05 08:41 - 2017-12-31 20:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-01-05 08:41 - 2017-12-31 20:19 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-05 08:41 - 2017-12-31 20:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-05 08:41 - 2017-12-31 20:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-01-05 08:41 - 2017-12-31 20:18 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-01-05 08:41 - 2017-12-31 20:18 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-05 08:41 - 2017-12-31 20:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 20:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-01-05 08:41 - 2017-12-31 20:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-05 08:41 - 2017-12-31 20:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-05 08:41 - 2017-12-31 20:02 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-01-05 08:41 - 2017-12-31 20:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-01-05 08:41 - 2017-12-31 20:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-01-05 08:41 - 2017-12-31 20:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-05 08:41 - 2017-12-31 19:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-05 08:41 - 2017-12-31 19:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-05 08:41 - 2017-12-31 19:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-05 08:41 - 2017-12-31 19:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-05 08:41 - 2017-12-31 19:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-01-05 08:41 - 2017-12-31 19:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-01-05 08:41 - 2017-12-31 19:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-05 08:41 - 2017-12-31 19:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-05 08:41 - 2017-12-31 19:49 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-01-05 08:41 - 2017-12-31 19:49 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-01-05 08:41 - 2017-12-31 19:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-05 08:41 - 2017-12-31 19:49 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-01-05 08:41 - 2017-12-31 19:46 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-05 08:41 - 2017-12-31 19:45 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-01-05 08:41 - 2017-12-31 19:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-05 08:41 - 2017-12-31 19:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-01-05 08:41 - 2017-12-31 19:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-01-05 08:41 - 2017-12-31 19:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-01-05 08:41 - 2017-12-31 19:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-01-05 08:41 - 2017-12-31 19:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-01-05 08:41 - 2017-12-31 19:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-01-05 08:41 - 2017-12-31 19:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-01-05 08:41 - 2017-12-31 19:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-05 08:41 - 2017-12-31 19:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-05 08:41 - 2017-12-31 19:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-05 08:41 - 2017-12-31 19:42 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-05 08:41 - 2017-12-31 19:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-05 08:41 - 2017-12-31 19:41 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-05 08:41 - 2017-12-31 19:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-05 08:41 - 2017-12-31 19:41 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-05 08:41 - 2017-12-31 19:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-05 08:41 - 2017-12-31 19:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-01-05 08:41 - 2017-12-31 19:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-01-05 08:41 - 2017-12-31 19:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-01-05 08:41 - 2017-12-31 19:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-01-05 08:41 - 2017-12-31 19:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-01-05 08:41 - 2017-12-31 19:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-01-05 08:41 - 2017-12-31 19:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-01-05 08:41 - 2017-12-31 19:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-01-05 08:41 - 2017-12-31 19:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-01-05 08:41 - 2017-12-31 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-01-05 08:41 - 2017-12-30 01:29 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-05 08:41 - 2017-12-30 00:42 - 000347328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-05 08:41 - 2017-12-29 12:39 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-05 08:41 - 2017-12-29 12:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-01-05 08:41 - 2017-12-29 12:13 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-05 08:41 - 2017-12-29 12:13 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-01-05 08:41 - 2017-12-29 12:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-05 08:41 - 2017-12-29 12:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-01-05 08:41 - 2017-12-29 12:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-01-05 08:41 - 2017-12-29 12:09 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-05 08:41 - 2017-12-29 12:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-01-05 08:41 - 2017-12-29 12:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-01-05 08:41 - 2017-12-29 12:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-05 08:41 - 2017-12-29 12:03 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-05 08:41 - 2017-12-29 12:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-05 08:41 - 2017-12-29 12:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-01-05 08:41 - 2017-12-29 11:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-05 08:41 - 2017-12-29 11:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-01-05 08:41 - 2017-12-29 11:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-01-05 08:41 - 2017-12-29 11:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-01-05 08:41 - 2017-12-29 11:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-01-05 08:41 - 2017-12-29 11:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-01-05 08:41 - 2017-12-29 11:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-05 08:41 - 2017-12-29 11:45 - 004508160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-05 08:41 - 2017-12-29 11:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-01-05 08:41 - 2017-12-29 11:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-05 08:41 - 2017-12-29 11:38 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-05 08:41 - 2017-12-29 11:38 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-05 08:41 - 2017-12-29 11:37 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-05 08:41 - 2017-12-29 11:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-01-05 08:41 - 2017-12-29 11:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-05 08:41 - 2017-12-29 11:15 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-05 08:41 - 2017-12-29 11:13 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-05 08:41 - 2017-12-29 03:15 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-05 08:41 - 2017-12-29 03:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-01-05 08:41 - 2017-12-29 03:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-01-05 08:41 - 2017-12-29 02:52 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-05 08:41 - 2017-12-29 02:51 - 005796352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-05 08:41 - 2017-12-29 02:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-01-05 08:41 - 2017-12-29 02:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-05 08:41 - 2017-12-29 02:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-05 08:41 - 2017-12-29 02:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-01-05 08:41 - 2017-12-29 02:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-05 08:41 - 2017-12-29 02:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-01-05 08:41 - 2017-12-29 02:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-01-05 08:41 - 2017-12-29 02:40 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-05 08:41 - 2017-12-29 02:39 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-05 08:41 - 2017-12-29 02:39 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-05 08:41 - 2017-12-29 02:39 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-01-05 08:41 - 2017-12-29 02:39 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-05 08:41 - 2017-12-29 02:32 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-05 08:41 - 2017-12-29 02:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-05 08:41 - 2017-12-29 02:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-01-05 08:41 - 2017-12-29 02:22 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-05 08:41 - 2017-12-29 02:21 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-05 08:41 - 2017-12-29 02:18 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-05 08:41 - 2017-12-29 02:18 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-05 08:41 - 2017-12-29 02:16 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-05 08:41 - 2017-12-29 02:14 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-01-05 08:41 - 2017-12-29 02:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-05 08:41 - 2017-12-29 02:04 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-05 08:41 - 2017-12-29 02:03 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-05 08:41 - 2017-12-29 02:03 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-05 08:41 - 2017-12-29 02:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-05 08:41 - 2017-12-29 02:01 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-01-05 08:41 - 2017-12-29 01:50 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-05 08:41 - 2017-12-29 01:39 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-05 08:41 - 2017-12-29 01:27 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-05 08:41 - 2017-12-21 00:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-05 08:41 - 2017-12-13 10:31 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-05 08:41 - 2017-12-13 10:27 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-05 08:41 - 2017-12-13 10:27 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-05 08:41 - 2017-12-13 10:27 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-01-05 08:41 - 2017-12-13 10:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-01-05 08:41 - 2017-12-13 10:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-05 08:41 - 2017-12-13 10:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-05 08:41 - 2017-12-13 10:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-01-05 08:41 - 2017-12-13 10:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-01-05 08:41 - 2017-12-13 09:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-05 08:41 - 2017-12-05 11:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-01-05 08:41 - 2017-12-05 11:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-01-05 08:41 - 2017-12-05 11:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-01-05 08:41 - 2017-12-05 11:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-01-05 08:41 - 2017-12-05 11:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-01-05 08:41 - 2017-12-05 09:59 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-05 08:41 - 2017-12-05 09:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-01-05 08:18 - 2018-01-05 08:22 - 000721991 _____ C:\Users\Chad\Downloads\Radiology Dec 2017.xlsx
2018-01-05 08:16 - 2018-01-05 08:16 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-05 08:15 - 2018-01-13 07:59 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-05 08:15 - 2018-01-13 07:59 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-05 08:15 - 2018-01-13 07:59 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-05 08:15 - 2018-01-13 07:59 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-05 08:15 - 2018-01-05 08:15 - 000001833 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-05 08:15 - 2018-01-05 08:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-05 08:15 - 2018-01-05 08:15 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-05 08:15 - 2018-01-05 08:15 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-05 08:15 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-04 10:06 - 2018-01-04 10:06 - 000237488 _____ C:\Users\Chad\Downloads\statement (14).pdf
2018-01-04 10:02 - 2018-01-04 10:02 - 000242846 _____ C:\Users\Chad\Downloads\statement (13).pdf
2018-01-04 09:59 - 2018-01-04 09:59 - 000237596 _____ C:\Users\Chad\Downloads\statement (12).pdf
2018-01-04 09:57 - 2018-01-04 09:57 - 000237580 _____ C:\Users\Chad\Downloads\statement (11).pdf
2018-01-04 09:51 - 2018-01-04 09:51 - 000273935 _____ C:\Users\Chad\Downloads\statement (10).pdf
2018-01-04 09:46 - 2018-01-04 09:46 - 000243347 _____ C:\Users\Chad\Downloads\statement (9).pdf
2018-01-04 08:49 - 2018-01-04 08:50 - 000040719 _____ C:\Users\Chad\Downloads\Radiology Board Report 2017-2018 (7).xlsx
2017-12-31 14:46 - 2017-12-31 14:47 - 000368400 _____ C:\Windows\Minidump\123117-28875-01.dmp
2017-12-29 09:56 - 2017-12-29 09:56 - 000012184 _____ C:\Users\Chad\Downloads\2017-12-29_transaction_download.ofx
2017-12-21 09:37 - 2017-12-21 09:37 - 000587982 _____ C:\Users\Chad\Downloads\ECR2013_C-2515 (1).pdf
2017-12-21 09:35 - 2017-12-21 09:35 - 000587982 _____ C:\Users\Chad\Downloads\ECR2013_C-2515.pdf
2017-12-17 13:01 - 2017-12-17 13:02 - 000009538 _____ C:\Users\Chad\Downloads\2017-12-17_transaction_download.ofx
2017-12-14 10:39 - 2017-12-14 10:39 - 000059983 _____ C:\Users\Chad\Downloads\2018 Missouri Valley Junior Schedule - 2018 Junior Schedule.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-13 08:13 - 2009-07-13 22:45 - 000027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-13 08:13 - 2009-07-13 22:45 - 000027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-13 08:02 - 2014-02-26 17:14 - 000000000 ____D C:\Users\Chad\AppData\Roaming\stickies
2018-01-13 08:01 - 2014-01-08 16:02 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-01-13 08:01 - 2014-01-08 16:02 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-01-13 08:01 - 2014-01-08 15:53 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-01-13 07:59 - 2014-01-08 15:29 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-13 07:59 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-13 07:53 - 2009-07-13 23:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-13 07:53 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2018-01-13 07:50 - 2015-06-15 19:46 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1761084545-470814309-1483654965-1003UA.job
2018-01-13 07:23 - 2014-08-24 17:11 - 000000000 ____D C:\Users\Chad\Documents\Bluetooth Folder
2018-01-12 22:20 - 2014-01-08 15:41 - 000000000 ____D C:\ProgramData\Sonic
2018-01-12 22:16 - 2017-05-29 15:24 - 000000000 ____D C:\Users\Chad\AppData\LocalLow\Mozilla
2018-01-12 22:15 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-12 22:06 - 2014-01-16 22:20 - 000000000 ____D C:\Users\Chad\AppData\Roaming\MediaMonkey
2018-01-11 20:49 - 2015-06-15 19:46 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1761084545-470814309-1483654965-1003Core.job
2018-01-11 12:33 - 2014-01-15 17:47 - 000000000 ____D C:\Users\Chad\AppData\Roaming\Dropbox
2018-01-11 03:16 - 2014-01-13 18:30 - 000000000 ____D C:\Windows\system32\MRT
2018-01-11 03:10 - 2017-10-16 07:42 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-11 03:10 - 2014-01-13 18:30 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-11 03:03 - 2014-01-08 16:16 - 000776220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-10 07:59 - 2014-01-25 23:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-10 07:59 - 2014-01-25 23:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-10 07:59 - 2014-01-25 23:05 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-10 07:58 - 2014-01-25 23:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-10 07:58 - 2014-01-25 23:05 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-08 19:03 - 2017-07-21 08:12 - 000002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-07 18:15 - 2014-09-30 09:19 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-07 18:14 - 2014-09-08 20:34 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-06 10:24 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2018-01-06 09:05 - 2015-11-02 15:14 - 000519040 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-05 08:15 - 2014-01-15 15:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-05 08:15 - 2014-01-15 11:28 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
2018-01-04 08:43 - 2015-08-24 11:24 - 000000000 ____D C:\ProgramData\Sonos,_Inc
2017-12-31 14:49 - 2014-01-13 21:31 - 000000000 ____D C:\Users\UpdatusUser
2017-12-31 14:46 - 2016-08-22 07:45 - 1016839913 _____ C:\Windows\MEMORY.DMP
2017-12-31 14:46 - 2014-04-23 08:10 - 000000000 ____D C:\Windows\Minidump
2017-12-29 12:12 - 2017-06-10 22:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-12-29 12:12 - 2014-01-17 19:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-21 09:51 - 2015-09-14 18:29 - 000000000 ____D C:\Users\Chad\Desktop\Radiology Documents
2017-12-15 03:20 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-15 03:20 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-14 12:11 - 2017-08-30 08:10 - 000000000 ____D C:\Program Files (x86)\TeamViewer
 
==================== Files in the root of some directories =======
 
2017-06-27 08:32 - 2017-06-27 08:32 - 000000000 _____ () C:\Users\Chad\AppData\Roaming\3d44d8bd-2c87-4690-ac9b-c72728314c42.storage
2014-09-01 10:28 - 2015-08-31 08:26 - 000000093 _____ () C:\Users\Chad\AppData\Roaming\ARCompanion.log
2014-03-03 11:29 - 2014-03-09 15:09 - 000000045 _____ () C:\Users\Chad\AppData\Roaming\mbam.context.scan
2014-08-12 12:59 - 2014-10-11 07:46 - 000073092 _____ () C:\Users\Chad\AppData\Roaming\Scorch_Install.log
2014-08-24 17:02 - 2014-08-24 17:02 - 000000000 _____ () C:\Users\Chad\AppData\Local\BluetoothPresent.flag
2014-08-24 17:02 - 2014-08-24 17:02 - 000000000 _____ () C:\Users\Chad\AppData\Local\Driver_Jupiter_01Present.flag
2014-01-15 11:23 - 2014-01-15 11:23 - 000007609 _____ () C:\Users\Chad\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2015-12-04 11:03 - 2015-12-04 11:03 - 000071168 _____ () C:\Users\Chad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv2yauu.dll
2017-10-10 07:34 - 2015-07-21 20:01 - 005005504 _____ (Foxit Corporation) C:\Users\Chad\AppData\Local\Temp\FoxitUpdater.exe
2016-10-21 18:35 - 2016-10-21 18:35 - 000737856 _____ (Oracle Corporation) C:\Users\Chad\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-03-12 13:17 - 2017-03-12 13:17 - 000739904 _____ (Oracle Corporation) C:\Users\Chad\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-07-29 07:29 - 2017-07-29 07:29 - 000740416 _____ (Oracle Corporation) C:\Users\Chad\AppData\Local\Temp\jre-8u144-windows-au.exe
2016-02-06 08:44 - 2016-02-06 08:44 - 000736352 _____ (Oracle Corporation) C:\Users\Chad\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-25 18:47 - 2016-03-25 18:47 - 000736320 _____ (Oracle Corporation) C:\Users\Chad\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-06-25 08:23 - 2016-06-25 08:23 - 000739904 _____ (Oracle Corporation) C:\Users\Chad\AppData\Local\Temp\jre-8u91-windows-au.exe
2017-06-10 21:50 - 2017-06-10 21:50 - 007178424 _____ (VS Revo Group                                               ) C:\Users\Chad\AppData\Local\Temp\VSUSetup.exe
2015-08-02 17:58 - 2015-08-02 17:58 - 000118784 _____ () C:\Users\Chad\AppData\Local\Temp\xmlUpdater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-08 07:21
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018
Ran by Chad (13-01-2018 08:20:01)
Running from C:\Users\Chad\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-13 23:45:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1761084545-470814309-1483654965-500 - Administrator - Disabled)
Chad (S-1-5-21-1761084545-470814309-1483654965-1003 - Administrator - Enabled) => C:\Users\Chad
Guest (S-1-5-21-1761084545-470814309-1483654965-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1761084545-470814309-1483654965-1005 - Limited - Enabled)
UpdatusUser (S-1-5-21-1761084545-470814309-1483654965-1006 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Music (HKU\S-1-5-21-1761084545-470814309-1483654965-1003\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AutoHotkey 1.1.14.01 (HKLM\...\AutoHotkey) (Version: 1.1.14.01 - Lexikos)
BirdieSync 2.4.11.0 (HKLM-x32\...\BirdieSync) (Version: 2.4.11.0 - Callicia)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Citrix Receiver 4.7 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.7.0.13011 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
ComposerHE 2.7.2 (HKLM\...\{2657CB2E-7F88-49AF-B3E2-0AEFD5C68AA4}_is1) (Version: 2.7.2.507543-res - Control4 Corporation)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.6523 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.45.93 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-1761084545-470814309-1483654965-1003\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.4.1001 - Intel Corporation)
IPMIView (HKLM-x32\...\IPMIView) (Version: 2.6.0.0 - SUPERMICRO)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4989.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MKV Chapter Editor (HKLM-x32\...\{F4C6A7F1-39A1-479F-B0EC-E7DDA88F60F1}) (Version: 1.0.4 - Rob Dahlgren)
MKVToolNix 6.7.0 [20140102-565] (HKLM-x32\...\MKVToolNix) (Version: 6.7.0 - Moritz Bunkus)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.5.2.6564 - Mozilla)
Mozilla Thunderbird 52.5.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.5.2 (x86 en-US)) (Version: 52.5.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4989.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4989.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4989.1000 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{EACEB844-8CDD-4F3B-9EA2-E299741D1652}) (Version: 14.7.0.13011 - Citrix Systems, Inc.) Hidden
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{FAA77686-35B1-4D19-9BCB-C3A374C85EF4}) (Version: 1.0.35.1064 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (HKLM\...\{BA6A758C-94E7-4F96-9131-D3F57459F9BA}) (Version: 1.0.35.1064 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (HKLM\...\{3D0217CA-88BC-42C7-998A-6C598CA624BF}) (Version: 1.0.35.1064 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.0.35.1064 - Qualcomm Atheros)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6606 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Self-service Plug-in (HKLM-x32\...\{5D678EB8-64FD-4681-AACF-3D18FBCA77A3}) (Version: 4.7.0.15674 - Citrix Systems, Inc.) Hidden
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
SMPlayer 0.8.6.6026 (x64) (HKLM\...\SMPlayer) (Version: 0.8.6.6026 - Ricardo Villalba)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 36.4.41272 - Sonos, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stickies 8.0b (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.2.2013 - BillP Studios)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1761084545-470814309-1483654965-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-09-04] (Qualcomm®Atheros®)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-09-04] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-10-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1761084545-470814309-1483654965-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1761084545-470814309-1483654965-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1761084545-470814309-1483654965-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0593775A-4C30-4811-92CC-6F56DD789E97} - System32\Tasks\{E8C970CB-C798-44DE-A1F8-6353BB68B728} => C:\Windows\system32\pcalua.exe -a D:\ppport\InstPPSE.exe -d D:\ppport
Task: {1CF07CF6-6027-4CC1-B603-0311F5BA0F51} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {2157DDF6-0E55-4EFD-94B9-BFE8D0A49965} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {6149C579-B40F-4591-9945-494F19165841} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1761084545-470814309-1483654965-1003UA => C:\Users\Chad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {62E88FC5-82AB-4CE8-8C53-54FF215FDC6F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-21] (Google Inc.)
Task: {76FF56CE-8993-4BD2-BC16-1C9267453D83} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {7EA3141C-A46C-43E6-882A-AFF1043864DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-21] (Google Inc.)
Task: {7F6C6A57-DB72-4E74-90EF-6C7E1643BBAC} - System32\Tasks\Malwarebytes Anti-Malware (Update) => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Task: {83192E92-245B-448F-8AAB-CF29B92200C5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {939887CA-3853-4619-8DA9-B2D3F2DC071D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {95016DFC-1F63-417C-9BBE-61E152A0181E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1761084545-470814309-1483654965-1003Core => C:\Users\Chad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {B6A59D73-D8D9-404A-AE31-DEDB07CBEFB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {CC3BB740-F601-4C35-974B-952F31158F7C} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {E0793A1A-1F90-4B20-ADEB-DF533BC35B43} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {E11AB1E7-6B43-44A6-8715-867320AD04BB} - System32\Tasks\Malwarebytes Anti-Malware => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Task: {F7F4BB58-B5ED-4BB5-9D4D-10CFA64C6145} - System32\Tasks\BackItUp_Launch => C:\Program Files (x86)\Nero\Nero BackItUp\BackItUp.exe
Task: {FD249E62-E18C-4CDC-91CA-D8A38D6D6C42} - System32\Tasks\{3E6D440D-D6E8-4D1B-8AD8-1EADAC3FE6D8} => C:\Windows\system32\pcalua.exe -a C:\Users\Chad\Desktop\ppport\InstPPSE.exe -d C:\Users\Chad\Desktop\ppport
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1761084545-470814309-1483654965-1003Core.job => C:\Users\Chad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1761084545-470814309-1483654965-1003UA.job => C:\Users\Chad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-08 17:26 - 2013-10-23 02:20 - 000102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-30 08:53 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-26 15:16 - 2005-04-22 13:36 - 000143360 ____N () C:\Windows\system32\BrSNMP64.dll
2018-01-05 08:15 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-05 08:15 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-23 09:41 - 2017-01-31 06:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-08 15:54 - 2012-01-26 21:49 - 002751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-09-04 23:03 - 2013-09-04 23:03 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-08 15:10 - 2012-02-14 08:53 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-24 19:26 - 2012-07-24 19:26 - 000040960 _____ () C:\Users\Chad\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
2010-11-17 10:35 - 2010-11-17 10:35 - 000514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-09-24 11:03 - 2013-09-24 11:03 - 000283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-02-02 07:55 - 2015-02-02 07:55 - 001009664 _____ () C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.32\adb.exe
2018-01-08 19:03 - 2018-01-03 03:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-08 19:03 - 2018-01-03 03:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2014-01-15 15:14 - 2013-07-15 11:29 - 000620718 ____N () C:\Program Files (x86)\WinPatrol\sqlite3.dll
2012-07-24 19:26 - 2012-07-24 19:26 - 000034304 _____ () C:\Users\Chad\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll
2014-03-26 06:23 - 2014-03-26 06:23 - 000799232 _____ () C:\Program Files (x86)\BirdieSync\BirdieSync.Lib\sqlite3.dll
2014-07-26 03:55 - 2014-07-26 03:55 - 000029696 _____ () C:\Program Files (x86)\BirdieSync\BirdieSync.Lib\QtSolutions_SingleApplication-head.dll
2018-01-11 03:23 - 2018-01-11 03:23 - 000016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\a59aa61a1ac8160da5fafb2921d95e93\PSIClient.ni.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 000375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-01-26 15:16 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-01-11 12:32 - 2018-01-08 15:15 - 000732480 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-01-11 12:32 - 2018-01-08 15:15 - 002061632 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-01-11 12:32 - 2018-01-08 15:15 - 000100296 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000018888 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\select.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000020800 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000035792 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000694224 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000021848 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000130512 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 001856848 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000022864 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000145864 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000116688 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-01-11 12:32 - 2018-01-08 15:15 - 000105928 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000022864 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000063296 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000024528 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000040248 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000020936 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000124880 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000116176 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000392656 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-01-11 12:32 - 2018-01-08 15:16 - 000392512 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000026456 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000024016 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000175560 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000030160 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000043472 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000026056 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000048592 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000057808 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000021824 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-01-11 12:32 - 2018-01-08 15:17 - 000023368 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000022856 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000066392 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 001796920 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000084424 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\sip.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 001956152 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 003859264 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000155464 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000521024 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000050496 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000042304 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000131384 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000218944 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000204096 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-01-11 12:32 - 2018-01-08 15:17 - 000025432 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000060880 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-01-11 12:32 - 2018-01-08 15:17 - 000054608 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000024016 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-01-11 12:32 - 2018-01-08 15:17 - 000022864 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000028616 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000022360 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-01-11 12:32 - 2018-01-08 15:17 - 000021848 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-01-11 12:32 - 2018-01-08 15:17 - 000022360 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000027488 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000349128 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-01-11 12:32 - 2018-01-08 15:17 - 000023896 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000025424 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-01-11 12:32 - 2018-01-08 15:15 - 000036296 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\librsync.dll
2018-01-11 12:32 - 2018-01-08 15:16 - 000021848 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000181056 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-01-11 12:32 - 2018-01-08 15:16 - 000030536 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000024368 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-01-11 12:32 - 2018-01-08 15:16 - 001638200 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-01-11 12:32 - 2018-01-08 15:17 - 000026456 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000545080 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000359224 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-01-11 12:32 - 2018-01-08 15:16 - 000038208 _____ () C:\Users\Chad\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Chad\Desktop\Radiology Documents:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1761084545-470814309-1483654965-1003\...\google.com -> hxxps://accounts.google.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1761084545-470814309-1483654965-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2266C48D-A9AD-4A90-92C4-6D4450731961}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{CBF6CC84-25CA-49FB-A94F-AA89216D5917}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BE3AEE91-2CC3-4C7A-ADEB-8C285879542E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{868752B6-F260-4BE9-850D-1282FDAFA534}] => (Allow) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{02454A0C-072A-4544-858F-5D25F1AA55F2}] => (Allow) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{167598F2-3657-4A5B-8171-D21E5A56FC09}C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7D4A9624-9D31-4AD0-BA91-16203996E422}C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1C8CEA7B-02E9-4B41-B07E-629D82D1DBDF}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{848A6EE2-E06C-4A50-A42F-F26D8B459AFF}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{6128E845-4F69-4395-BFDC-FA674D6EF55F}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{B726D510-54B6-4297-8D4C-38AD945ADCDC}C:\users\chad\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\chad\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{061B0316-F176-4644-8DE0-E14EB6835AF0}C:\users\chad\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\chad\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{C92374F3-FA53-45DD-8B97-0795B628D93D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [PotPlayer(PotPlayerMini64.exe)] => (Allow) C:\Program Files\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{29C598E3-CF89-4BE1-9E3E-C046C7136A6F}] => (Allow) C:\Program Files\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{2FD54074-A3C7-40AB-97CC-80AAE470F295}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2E1CE47E-05DB-47EC-994A-9093DDE16249}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CBDD6FBD-5BB2-4C21-B693-04FBD90E7033}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{ABA670D3-6C44-45CC-828F-695AF43F5D0E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{BCCB7102-487C-4E82-85AD-0B8145523B26}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{984686EC-E3B1-4CCD-83FD-306A3C7AA07D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5653C332-EE71-4BB7-B4A1-2A012520B9B3}C:\users\chad\appdata\local\temp\temp1_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe] => (Allow) C:\users\chad\appdata\local\temp\temp1_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [UDP Query User{E79D70A2-E52B-47D1-8A15-E1B389EB03E9}C:\users\chad\appdata\local\temp\temp1_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe] => (Allow) C:\users\chad\appdata\local\temp\temp1_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [{0E9D1C01-479F-4778-8C22-054CFED8AE42}] => (Block) C:\users\chad\appdata\local\temp\temp1_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [{F9264F22-FACE-46FF-8C89-E16D27A1896D}] => (Block) C:\users\chad\appdata\local\temp\temp1_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [TCP Query User{4E1F077E-3C9D-458D-964D-0CFE61FD10E4}C:\users\chad\appdata\local\temp\temp2_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe] => (Allow) C:\users\chad\appdata\local\temp\temp2_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [UDP Query User{AC73FA17-95D8-4EB5-B51F-62D0D763885B}C:\users\chad\appdata\local\temp\temp2_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe] => (Allow) C:\users\chad\appdata\local\temp\temp2_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [{F12F32CF-1709-41A0-BAD4-E94DA8F96DDB}] => (Block) C:\users\chad\appdata\local\temp\temp2_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [{2817A470-E631-4010-B57F-29A22777E46D}] => (Block) C:\users\chad\appdata\local\temp\temp2_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [TCP Query User{6BCD7151-8D86-4564-8E39-195DAF5CD847}C:\users\chad\appdata\local\temp\temp3_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe] => (Allow) C:\users\chad\appdata\local\temp\temp3_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [UDP Query User{26974BF7-CD1C-44A6-B3E1-77733572E830}C:\users\chad\appdata\local\temp\temp3_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe] => (Allow) C:\users\chad\appdata\local\temp\temp3_jap-2g-a5-21d-firmware.zip\jap-2g-a5-21d-firmware\bonjour browser.exe
FirewallRules: [{6D26762B-A782-449E-B493-A24C58E0DC5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F9624F4A-074D-443D-88FA-42A930597F0D}] => (Allow) C:\Program Files (x86)\BirdieSync\BirdieSync.exe
FirewallRules: [{D2271D69-434B-47F3-B985-3FF4F9355F8C}] => (Allow) C:\Program Files (x86)\BirdieSync\BirdieSync.exe
FirewallRules: [{4474F4FE-62B8-4C6B-B6F3-AEF958B7B54C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B739B04D-475C-4A21-85B0-EA5ACF1675CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FFED2B84-D2BF-40A6-B31D-ACC895582A84}C:\program files (x86)\supermicro\ipmiview\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\supermicro\ipmiview\jre\bin\javaw.exe
FirewallRules: [UDP Query User{109E7A52-DF6D-4B98-B102-F2E4EC960CD5}C:\program files (x86)\supermicro\ipmiview\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\supermicro\ipmiview\jre\bin\javaw.exe
FirewallRules: [TCP Query User{4522CD2D-3AAC-4EC0-AF42-E61300B07805}C:\program files (x86)\supermicro\ipmiview\jre\bin\javaw.exe] => (Block) C:\program files (x86)\supermicro\ipmiview\jre\bin\javaw.exe
FirewallRules: [UDP Query User{8FD4433E-C7B9-45FF-9D43-7403FF356FBD}C:\program files (x86)\supermicro\ipmiview\jre\bin\javaw.exe] => (Block) C:\program files (x86)\supermicro\ipmiview\jre\bin\javaw.exe
FirewallRules: [{9E8FA867-B02F-41A1-9991-FB9E94623EF7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{08319D43-804C-47B6-BA8A-C2C71009FC69}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{AB69B69F-52DF-4672-A951-D9B581FAADEE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0EA17566-5F2F-4E3D-834D-8AD33926ED6C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{FFAAFB16-6DC3-4A2A-83A1-6C676744F0BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F28DB758-3539-4499-AF88-38528A88EF4C}] => (Allow) LPort=2869
FirewallRules: [{5C3B030D-B956-41CB-893F-2A51ABFEB2BA}] => (Allow) LPort=1900
FirewallRules: [{232426B1-0424-4172-B47E-C7B6907AF2DE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{41F02CA7-4292-49F4-AE12-9097124E1506}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{51CECE0B-7549-4191-9368-E474FBA8C074}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [TCP Query User{7ABD5986-E8C7-43C5-9EF3-0DCB7843BFB6}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [UDP Query User{DA19527B-0302-48BF-96E7-D200925CB0D4}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [TCP Query User{06F53DD8-F02B-4E0B-9243-3A36E4D12253}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Block) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [UDP Query User{60A546AB-49C2-4AC0-BDFE-02ED6DF9880B}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Block) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [{D1B167FC-12B5-4E8A-971A-4ACA76F0A08A}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_65\bin\java.exe
FirewallRules: [{A1665C4E-3B08-4CE6-8A4F-0358A32B222E}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_65\bin\java.exe
FirewallRules: [{8244C310-E577-4CC6-9320-6882CB9CB284}] => (Allow) C:\Users\Chad\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{C0FCA8DF-9E29-467E-BA8C-446AD64E9EE3}] => (Allow) C:\Users\Chad\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{77A5155A-A2BB-4859-B283-C20CB94F237C}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [UDP Query User{CBFEB050-E535-4D05-90C3-21E5CB6A8461}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{C030FB84-0858-4D01-A997-587D9FCC4C7E}] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{198B44BC-BB56-4093-96D5-A7A7FD60C44F}] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [TCP Query User{6D76CFD8-8037-42FB-8BE3-183EEA02FE27}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{5BB802C6-D89D-4AB6-852A-166A45454DA5}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{9CAF4BC4-2ADF-40CC-9632-F0B161ECA3A4}C:\program files (x86)\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\java.exe
FirewallRules: [UDP Query User{C97B63BE-449C-498C-B052-577AAC78EDA6}C:\program files (x86)\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\java.exe
FirewallRules: [{C3C33ACD-3F86-4C4B-84A2-49333F03D16F}] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\java.exe
FirewallRules: [{0D05DC85-2CF7-40E0-A6C1-03E5ED437D11}] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\java.exe
FirewallRules: [{528FFA6D-8058-4258-8E60-DBB87C711D8D}] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{BAF348DB-8493-4440-815A-81538E78B7F5}] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{68B3BF34-3237-4220-80C2-3E0618FCC289}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{E6BEBE2C-B023-4544-B171-CF5769B4B092}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{BA8E3356-B00A-4DDD-A390-3BD7468D8F98}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B005327E-BDDC-4231-8CC4-88E6962D1F5E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CEE177D4-A64D-44F0-B5DF-ACD24FE688E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{69471642-630E-40E6-9D26-1A0DA5C0C1D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F66D0636-F147-49E6-97CF-910028D4731A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BEABEFD9-0F0C-4C83-93E9-0D94BB60F6F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{A13607B2-6342-406E-A4C3-E21894007C60}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{0CAA0C4B-1FFF-42AF-942D-36F96DE68344}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{893DC884-BB09-45E1-B5B7-DCA0AF20EF57}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-01-2018 08:42:47 Windows Update
06-01-2018 08:16:34 Windows Update
09-01-2018 12:46:32 Windows Update
11-01-2018 03:00:11 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: MpKsl5f589d61
Description: MpKsl5f589d61
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl5f589d61
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: BlueStacks Hypervisor
Description: BlueStacks Hypervisor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BstHdDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/13/2018 08:00:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/13/2018 07:47:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/12/2018 10:19:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/10/2018 09:00:51 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/01/10 09:00:51.022]: [00008836]: Initialize TwdsMain Class failed!
 
Error: (01/10/2018 09:00:51 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/01/10 09:00:51.022]: [00008836]: ##### Fatal ERROR!! Create STI-device failed! #####
 
Error: (01/10/2018 09:00:48 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/01/10 09:00:48.156]: [00011488]: Initialize TwdsMain Class failed!
 
Error: (01/10/2018 09:00:48 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/01/10 09:00:48.156]: [00011488]: ##### Fatal ERROR!! Create STI-device failed! #####
 
Error: (01/10/2018 09:00:47 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/01/10 09:00:47.956]: [00011488]: Initialize TwdsMain Class failed!
 
Error: (01/10/2018 09:00:47 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/01/10 09:00:47.956]: [00011488]: ##### Fatal ERROR!! Create STI-device failed! #####
 
Error: (01/07/2018 06:15:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (01/13/2018 08:04:50 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
Error: (01/13/2018 07:59:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: 
The system cannot find the path specified.
 
Error: (01/13/2018 07:59:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/13/2018 07:59:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/13/2018 07:59:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (01/13/2018 07:46:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: 
The system cannot find the path specified.
 
Error: (01/13/2018 07:46:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/13/2018 07:46:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/13/2018 07:46:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (01/12/2018 10:18:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: 
The system cannot find the path specified.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 44%
Total physical RAM: 8074.31 MB
Available physical RAM: 4513.08 MB
Total Virtual: 16146.79 MB
Available Virtual: 12397.2 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:684.96 GB) (Free:516.62 GB) NTFS
Drive f: (DATAPART1) (Fixed) (Total:29.82 GB) (Free:29.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 512FB4E3)
Partition 1: (Not Active) - (Size=685 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: D2EB59E3)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:01 PM

Posted 13 January 2018 - 03:05 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.2.2013 - BillP Studios)
This program is no longer supported. Your call if you want to keep it.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VLC\npvlc.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 iscFlash; \??\C:\Users\Chad\AppData\Local\Temp\7zSB634.tmp\iscflashx64.sys [X] <==== ATTENTION

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Hosts:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know if the problem persists.

#3 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 14 January 2018 - 11:07 AM

Problem persists in both Google Chrome (my default browser) and IE.

Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018 01
Ran by Chad (14-01-2018 09:43:52) Run:1
Running from C:\Users\Chad\Desktop
Loaded Profiles: Chad & UpdatusUser (Available Profiles: Chad & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VLC\npvlc.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 iscFlash; \??\C:\Users\Chad\AppData\Local\Temp\7zSB634.tmp\iscflashx64.sys [X] <==== ATTENTION
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Hosts:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\BstHdAndroidSvc" => removed successfully
BstHdAndroidSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\BstHdLogRotatorSvc" => removed successfully
BstHdLogRotatorSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\BstHdUpdaterSvc" => removed successfully
BstHdUpdaterSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\BstHdDrv" => removed successfully
BstHdDrv => service removed successfully
"HKLM\System\CurrentControlSet\Services\Delldiag" => removed successfully
Delldiag => service removed successfully
"HKLM\System\CurrentControlSet\Services\iscFlash" => removed successfully
iscFlash => service removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::31af:af48:e085:bf98%15
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::fd35:960:bcf4:e926%11
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{5917F549-91D4-41D8-96B0-D22E41F71D46}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{A7EEFDCA-C05C-4B92-A828-5E96004012FA}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Link-local IPv6 Address . . . . . : fe80::31af:af48:e085:bf98%15
   IPv4 Address. . . . . . . . . . . : 192.168.1.118
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Link-local IPv6 Address . . . . . : fe80::fd35:960:bcf4:e926%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.112
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{5917F549-91D4-41D8-96B0-D22E41F71D46}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
 
Tunnel adapter isatap.{A7EEFDCA-C05C-4B92-A828-5E96004012FA}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {4E1166BE-4FF4-420E-B63F-30A55B831081}.
Unable to cancel {21A2277C-6864-4100-A86D-65BE0A7629A0}.
Unable to cancel {C5FD1DC5-2536-4671-B28D-B21115F3ACDB}.
0 out of 3 jobs canceled.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 104179672 B
Java, Flash, Steam htmlcache => 37056932 B
Windows/system/drivers => 294314810 B
Edge => 0 B
Chrome => 692038547 B
Firefox => 18514752 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82939 B
systemprofile32 => 71566 B
LocalService => 0 B
NetworkService => 10291406 B
Chad => 2817029491 B
UpdatusUser => 0 B
 
RecycleBin => 4379596911 B
EmptyTemp: => 7.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:45:51 ====
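
Added example, not part of the original posts and not FRST's own code: a small parser for the `========= <command> =========` / `End of CMD:` sections of a Fixlog like the one above, reporting which commands completed, which only take effect after a restart, and which failed. The sample log is constructed by abbreviating the posted one, and the failure patterns are assumptions made for this illustration.

```python
import re

# Constructed sample: an abbreviated Fixlog in the layout posted above.
# "Sucessfully" and "Reseting" are spelled the way the tools print them.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
"HKLM\System\CurrentControlSet\Services\BstHdDrv" => removed successfully
BstHdDrv => service removed successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

Unable to cancel {4E1166BE-4FF4-420E-B63F-30A55B831081}.
0 out of 3 jobs canceled.

========= End of CMD: =========

Hosts restored successfully.

The system needed a reboot.
"""

HEADER = re.compile(r"^=+ (?P<title>.+?) =+$")
NEEDS_RESTART = re.compile(r"restart the computer", re.IGNORECASE)
# Assumption: these prefixes mark a failed step; extend the list for other tools.
FAILURE = re.compile(r"^(unable to|error|access is denied)", re.IGNORECASE)
JOB_COUNT = re.compile(r"^(\d+) out of (\d+) jobs canceled")


def parse_cmd_sections(text):
    """Return [(command, [output lines])] for every cmd:/CMD: section."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            title = header.group("title")
            if title.startswith("End of CMD"):
                if current:
                    sections.append(current)
                current = None
            elif title.endswith(":") or title.startswith("End of"):
                current = None  # FRST directive block (EmptyTemp:) or end of log
            else:
                current = (title, [])
        elif current and line:
            current[1].append(line)
    return sections


def classify(lines):
    """Map one command's output to 'ok', 'needs-restart' or 'failed'."""
    status = "ok"
    for line in lines:
        jobs = JOB_COUNT.match(line)
        if FAILURE.match(line) or (jobs and int(jobs.group(1)) < int(jobs.group(2))):
            return "failed"
        if NEEDS_RESTART.search(line):
            status = "needs-restart"
    return status


def summarize(text):
    """Per-command status plus whether the log says a reboot is still due."""
    results = {cmd: classify(out) for cmd, out in parse_cmd_sections(text)}
    reboot = ("The system needed a reboot." in text
              or "needs-restart" in results.values())
    return {"commands": results, "reboot_required": reboot}


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    for cmd, status in report["commands"].items():
        print(f"{status:14} {cmd}")
    print("reboot required:", report["reboot_required"])
```
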


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:01 PM

Posted 14 January 2018 - 01:30 PM

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account, you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data
https://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the Bookmarks.
====

It's a Syncing issue.
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

#5 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 14 January 2018 - 02:15 PM

IE does similar but even less reliable loading.  Still need to remove / reinstall Chrome?

 

Thanks.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:01 PM

Posted 14 January 2018 - 02:16 PM

You can try to reset the Syncing if you set it; otherwise yes, remove and reinstall Chrome.

#7 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 14 January 2018 - 06:08 PM

I deleted sync data, backed up bookmarks, deleted cache and cookies, deleted and reinstalled Chrome, and then imported bookmarks.  Still having the same problem.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:01 PM

Posted 15 January 2018 - 07:32 AM

Hi,

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting. Below is the list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

#9 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 15 January 2018 - 03:02 PM

It can't be my router.  I have identical problems when connecting to a different network while at work.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:01 PM

Posted 16 January 2018 - 08:23 AM



Hi,

Please read this article and try some of the suggestions; it may be helpful.
https://answers.microsoft.com/en-us/windows/forum/windows_7-networking/windows-7-home-64-bit-wireless-connection-has/7246952a-187f-4110-a0d3-13077a3e435e?auth=1

If the problem persists then I suggest you check with the Networking Experts in this forum.
https://www.bleepingcomputer.com/forums/f/21/networking/

This is not caused by malware and not my forte.

I will leave this topic open for 6 days.

#11 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 16 January 2018 - 11:09 AM

Thank you very much for the help.





