I have admin rights, but can't terminate processes, FRST logs attached


  • This topic is locked
38 replies to this topic

#1 maddbassist

Posted 17 March 2018 - 03:35 PM

Original post from today before I ran FRST....
 
"Posted Today, 12:35 PM
I am the original owner of my computer. Been having odd things happen lately, and need your input. I have Malwarebytes for example, and though it is set to run at startup, it doesn't unless I manually click on it a few times. Also, I note when I log in, before using any programs, if I run netstat -a, I see about 15 items whose IPs trace back to Microsoft servers, Amazon, and other companies I've never heard of. My Malwarebytes and Eset antivirus programs find nothing, and I've run Kaspersky's TDSSKiller to no avail. The computer is a bit slow, and when I open Task manager, I see things like Adobe Updater processes running, and even with Admin account, I can't terminate ANY processes. The hotel where I am doesn't have any encryption between my computer and their Spectrum router...just an FYI.
 
Any thoughts on how I can recover Admin rights/figure out if I have rootkits, malware, viruses, etc?
 
Thanks."
 
My FRST logs...
 
**Content removed modified logs posted below**

Edited by Oh My!, 04 April 2018 - 09:23 AM.
Deleted offensive material



#2 HelpBot

Posted 22 March 2018 - 03:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/673390 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 maddbassist

Posted 25 March 2018 - 04:21 PM

3-25-18...I still need help...
 
 
Original post of my problem when I first opened this ticket last week...the problem is still the same....no one yet replied to my post...
 
"Posted 3-17-18 12:35 PM
 
I am the original owner of my computer. Been having odd things happen lately, and need your input. I have Malwarebytes for example, and though it is set to run at startup, it doesn't unless I manually click on it a few times. Also, I note when I log in, before using any programs, if I run netstat -a, I see about 15 items whose IPs trace back to Microsoft servers, Amazon, and other companies I've never heard of. My Malwarebytes and Eset antivirus programs find nothing, and I've run Kaspersky's TDSSKiller to no avail. The computer is a bit slow, and when I open Task manager, I see things like Adobe Updater processes running, and even with Admin account, I can't terminate ANY processes. The hotel where I am doesn't have any encryption between my computer and their Spectrum router...just an FYI.
 
Any thoughts on how I can recover Admin rights/figure out if I have rootkits, malware, viruses, etc?
 
Thanks."
 
I do have the original Windows DVD, but not available unless I get it out of storage, which will be a while....
 
Attached is the second set of FRST logs I've run (I ran this second scan today 3-25-18)....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by djc (administrator) on MUSICMACHINE (25-03-2018 16:58:28)
Running from C:\Users\djc\Downloads
Loaded Profiles: djc & UpdatusUser (Available Profiles: djc & UpdatusUser & kingd)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\djc\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-18] (ESET)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3676960 2018-03-03] (Malwarebytes)
HKU\S-1-5-21-3468514421-691215125-1347498807-1000\...\MountPoints2: {a91eac5b-a7db-11e2-a819-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-3468514421-691215125-1347498807-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.100.74 192.168.100.1
Tcpip\..\Interfaces\{47B3186A-3C99-483A-A159-E172EC28533B}: [DhcpNameServer] 192.168.100.72 192.168.100.1
Tcpip\..\Interfaces\{EB7B4F6B-B634-4125-9114-AD7842414572}: [DhcpNameServer] 192.168.100.74 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3468514421-691215125-1347498807-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\djc\AppData\Roaming\Mozilla\Firefox\Profiles\8fyqsfzw.default [2018-03-25]
FF user.js: detected! => C:\Users\djc\AppData\Roaming\Mozilla\Firefox\Profiles\8fyqsfzw.default\user.js [2015-12-28]
FF Homepage: Mozilla\Firefox\Profiles\8fyqsfzw.default -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\8fyqsfzw.default -> type", 0
FF Extension: (Video DownloadHelper) - C:\Users\djc\AppData\Roaming\Mozilla\Firefox\Profiles\8fyqsfzw.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-3468514421-691215125-1347498807-1000: @citrixonline.com/appdetectorplugin -> C:\Users\djc\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-03] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
CHR Extension: (Google Slides) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-19]
CHR Extension: (Google Docs) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-19]
CHR Extension: (Google Drive) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-19]
CHR Extension: (YouTube) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-19]
CHR Extension: (Google Sheets) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-19]
CHR Extension: (Google Docs Offline) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-18]
CHR Extension: (Kaspersky Protection) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-19]
CHR Extension: (Gmail) - C:\Users\djc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [61760 2009-08-11] (Nalpeiron Ltd.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-18] (ESET)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2018-01-16] (Ellora Assets Corp.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [324928 2009-08-11] (Nitro PDF Software)
R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (Realtek Semiconductor Corp.)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6100; C:\Windows\System32\DRIVERS\A6100.sys [4863752 2016-02-17] (Realtek Semiconductor Corporation )
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2018-01-19] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107328 2018-01-19] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2018-01-19] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2018-01-19] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-25] (Malwarebytes)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\D:\NTACCESS_64.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-25 16:58 - 2018-03-25 16:58 - 002403328 _____ (Farbar) C:\Users\djc\Downloads\FRST64(1).exe
2018-03-25 15:57 - 2018-03-25 15:57 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-22 21:50 - 2018-03-22 21:50 - 000000118 _____ C:\Users\djc\Desktop\goth.txt
2018-03-21 21:55 - 2018-03-21 21:55 - 000000193 _____ C:\Users\djc\Desktop\aff alt rejects.txt
2018-03-21 21:14 - 2018-03-21 21:21 - 000000000 ____D C:\Users\djc\Desktop\cool pics
2018-03-21 16:26 - 2016-01-17 12:16 - 016105397 _____ C:\Users\djc\Desktop\sony_kdf-60-xs-955_chassis_la-3.pdf
2018-03-18 06:14 - 2018-03-25 16:04 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-18 06:14 - 2018-03-25 15:57 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-18 06:14 - 2018-03-25 15:57 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-18 06:14 - 2018-03-18 06:14 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-18 06:13 - 2018-03-18 06:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-18 06:13 - 2018-01-18 08:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-17 15:55 - 2018-03-17 15:58 - 000053988 _____ C:\Users\djc\Downloads\Addition.txt
2018-03-17 15:53 - 2018-03-25 16:59 - 000015830 _____ C:\Users\djc\Downloads\FRST.txt
2018-03-17 15:50 - 2018-03-25 16:58 - 000000000 ____D C:\FRST
2018-03-17 14:47 - 2018-03-17 14:48 - 002403328 _____ (Farbar) C:\Users\djc\Downloads\FRST64.exe
2018-03-17 14:14 - 2018-03-17 14:14 - 001222134 _____ C:\Users\djc\Desktop\craigslist Inquire within 1.vsdx
2018-03-17 13:36 - 2018-03-17 13:36 - 000000916 _____ C:\Users\djc\Desktop\bleeping computer post.txt
2018-03-17 13:15 - 2018-03-17 13:21 - 000207244 _____ C:\TDSSKiller.3.1.0.16_17.03.2018_13.15.54_log.txt
2018-03-17 13:15 - 2018-03-17 13:15 - 004944584 _____ (AO Kaspersky Lab) C:\Users\djc\Downloads\tdsskiller.exe
2018-03-17 12:30 - 2018-03-17 12:30 - 000001413 _____ C:\Users\kingd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-17 12:30 - 2018-03-17 12:30 - 000000000 ____D C:\Users\kingd\AppData\Roaming\Adobe
2018-03-17 12:28 - 2018-03-17 12:28 - 000000000 ____D C:\Users\kingd\AppData\Local\VirtualStore
2018-03-17 12:27 - 2018-03-17 12:29 - 000000000 ____D C:\Users\kingd
2018-03-17 12:27 - 2018-03-17 12:27 - 000000020 ___SH C:\Users\kingd\ntuser.ini
2018-03-17 12:27 - 2016-10-17 12:35 - 000000000 ____D C:\Users\kingd\AppData\Roaming\Macromedia
2018-03-17 12:27 - 2014-10-10 03:03 - 000000000 ____D C:\Users\kingd\AppData\Local\Microsoft Help
2018-03-17 12:27 - 2014-10-08 21:33 - 000002100 _____ C:\Users\kingd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-03-17 12:27 - 2009-07-14 03:45 - 000000000 ____D C:\Users\kingd\AppData\Roaming\Media Center Programs
2018-03-17 11:14 - 2018-03-22 08:32 - 000000000 ____D C:\Users\djc\Downloads\Downloads 4
2018-03-17 07:23 - 2018-03-17 07:23 - 000000903 _____ C:\Users\djc\Desktop\jim.txt
2018-03-16 17:35 - 2018-03-16 17:36 - 000000000 ____D C:\Users\djc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-16 05:38 - 2018-03-16 05:38 - 000002152 _____ C:\Users\djc\Desktop\frank email.txt
2018-03-13 15:33 - 2018-03-15 12:44 - 000000082 _____ C:\Users\djc\Desktop\Meech phones.txt
2018-03-12 07:48 - 2018-03-12 07:48 - 000000000 ____D C:\Users\djc\AppData\Local\ESET
2018-03-09 03:25 - 2018-03-09 03:25 - 000000000 ____D C:\Users\djc\AppData\Roaming\Nuance
2018-03-08 18:58 - 2018-03-08 18:58 - 000000023 _____ C:\Users\djc\Desktop\coredy 5g network name.txt
2018-03-08 16:43 - 2018-03-08 16:43 - 000002787 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Dragon NaturallySpeaking.lnk
2018-03-08 16:43 - 2018-03-08 16:43 - 000001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2018-03-08 16:43 - 2018-03-08 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking
2018-03-08 16:09 - 2018-03-08 16:09 - 000000000 ____D C:\Program Files (x86)\Nuance
2018-03-06 20:21 - 2018-03-06 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-03-06 20:21 - 2018-03-06 20:21 - 000000000 ____D C:\ProgramData\ESET
2018-03-06 20:21 - 2018-03-06 20:21 - 000000000 ____D C:\Program Files\ESET
2018-03-06 13:59 - 2018-03-06 13:59 - 000019546 _____ C:\Users\djc\Documents\Transports 2-6-18.xlsx
2018-03-05 16:08 - 2018-03-17 06:52 - 000000000 ____D C:\Users\djc\Downloads\Downloads 3
2018-03-04 15:42 - 2018-03-09 19:18 - 000000008 _____ C:\Users\djc\Desktop\medicaid id.txt
2018-03-04 11:42 - 2018-03-23 08:09 - 000024491 _____ C:\Users\djc\Desktop\Transports.xlsx
2018-03-02 21:32 - 2018-03-02 21:32 - 000000000 ____D C:\Users\djc\Desktop\3CDaemon
2018-02-26 19:00 - 2018-02-26 19:03 - 048895965 _____ C:\Users\djc\Downloads\fontfile10.zip
2018-02-26 19:00 - 2018-02-26 19:02 - 044254836 _____ C:\Users\djc\Downloads\fontfile9.zip
2018-02-26 18:56 - 2018-02-26 18:57 - 043073479 _____ C:\Users\djc\Downloads\fontfile7.zip
2018-02-26 18:56 - 2018-02-26 18:57 - 031720406 _____ C:\Users\djc\Downloads\fontfile8.zip
2018-02-26 18:52 - 2018-02-26 18:52 - 040896159 _____ C:\Users\djc\Downloads\fontfile6.zip
2018-02-26 18:51 - 2018-02-26 18:52 - 042923560 _____ C:\Users\djc\Downloads\fontfile5.zip
2018-02-26 18:49 - 2018-02-26 18:49 - 044339366 _____ C:\Users\djc\Downloads\fontfile4.zip
2018-02-26 18:48 - 2018-02-26 18:49 - 040842078 _____ C:\Users\djc\Downloads\fontfile3.zip
2018-02-26 18:47 - 2018-02-26 18:48 - 050263859 _____ C:\Users\djc\Downloads\Catalog.zip
2018-02-26 18:46 - 2018-02-26 18:47 - 053628230 _____ C:\Users\djc\Downloads\fontfile2.zip
2018-02-26 18:46 - 2018-02-26 18:47 - 047710988 _____ C:\Users\djc\Downloads\fontfile1.zip
2018-02-26 18:38 - 2018-02-26 18:44 - 438469892 _____ C:\Users\djc\Downloads\10000fonts.zip
2018-02-26 18:08 - 2018-02-28 21:07 - 000000000 ____D C:\Users\djc\Desktop\Clip art complete
2018-02-26 17:39 - 2018-02-28 21:02 - 000000000 ____D C:\Users\djc\Desktop\Clip art
2018-02-26 16:00 - 2018-02-26 16:00 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-25 16:50 - 2017-07-10 13:36 - 000000000 ____D C:\Users\djc\AppData\Local\GoToMeeting
2018-03-25 16:50 - 2016-11-03 14:01 - 000003648 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3468514421-691215125-1347498807-1000
2018-03-25 16:50 - 2016-11-03 14:01 - 000003552 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3468514421-691215125-1347498807-1000
2018-03-25 16:50 - 2016-11-03 14:01 - 000000618 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3468514421-691215125-1347498807-1000.job
2018-03-25 16:50 - 2016-11-03 14:01 - 000000522 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3468514421-691215125-1347498807-1000.job
2018-03-25 16:50 - 2013-04-18 00:22 - 000000000 ____D C:\Users\djc
2018-03-25 16:32 - 2015-06-16 20:00 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3468514421-691215125-1347498807-1000UA.job
2018-03-25 16:10 - 2016-11-20 12:52 - 000000000 ____D C:\Users\djc\AppData\LocalLow\Mozilla
2018-03-25 16:10 - 2009-07-14 00:45 - 000013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-25 16:10 - 2009-07-14 00:45 - 000013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-25 15:57 - 2013-04-18 01:05 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-25 15:57 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-22 17:15 - 2013-05-05 12:11 - 000000000 ____D C:\Users\djc\AppData\Roaming\vlc
2018-03-22 12:09 - 2018-02-02 18:35 - 000000000 ____D C:\Users\djc\Downloads\Captions slogans etc 2-2-18
2018-03-22 11:31 - 2015-06-16 20:00 - 000000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3468514421-691215125-1347498807-1000Core.job
2018-03-21 16:19 - 2017-04-12 11:36 - 000000000 ____D C:\Users\djc\Desktop\New Folder (10)
2018-03-19 00:31 - 2014-09-04 21:33 - 000000000 ____D C:\Users\djc\AppData\Roaming\Skype
2018-03-18 19:24 - 2018-02-03 15:19 - 000000000 ____D C:\ProgramData\TEMP
2018-03-18 15:44 - 2018-02-06 20:40 - 000001275 _____ C:\Users\djc\AppData\Roaming\SAS7_000.DAT
2018-03-18 06:53 - 2018-02-09 06:52 - 000000000 ____D C:\Users\djc\Downloads\App downloads
2018-03-17 05:46 - 2018-02-01 11:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-17 05:46 - 2013-06-04 22:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-16 19:13 - 2015-02-10 21:37 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-03-16 17:36 - 2014-12-08 21:38 - 000000000 ____D C:\Users\djc\AppData\Roaming\Dropbox
2018-03-16 16:12 - 2018-02-04 14:01 - 000000000 ____D C:\Users\djc\AppData\Roaming\BioniX Wallpaper Changer
2018-03-15 10:58 - 2015-12-20 14:36 - 000000000 ____D C:\Users\djc\Documents\Outlook Files
2018-03-12 05:34 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-11 15:49 - 2009-07-14 01:13 - 000782010 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-08 15:20 - 2014-12-05 00:48 - 000000000 ____D C:\Windows\system32\appmgmt
2018-03-06 20:43 - 2016-11-19 08:53 - 000032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-06 07:32 - 2018-02-04 20:14 - 000000000 ____D C:\Users\djc\Downloads\Downloads 2
2018-02-27 15:29 - 2016-08-21 09:06 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-27 02:06 - 2014-08-18 15:55 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-02-26 17:17 - 2015-02-07 14:50 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-26 17:14 - 2015-01-19 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2018-02-26 16:00 - 2015-12-12 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
2018-02-26 16:00 - 2015-10-08 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2018-02-26 16:00 - 2015-09-13 05:59 - 000000000 ____D C:\Users\djc\AppData\Roaming\NCH Software
2018-02-26 16:00 - 2014-08-18 15:54 - 000000000 ____D C:\ProgramData\NCH Software
2018-02-26 16:00 - 2014-08-18 15:54 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-02-26 07:51 - 2016-08-21 09:05 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-24 07:33 - 2013-04-24 21:09 - 000000000 ____D C:\Users\UpdatusUser

==================== Files in the root of some directories =======

2014-11-30 00:12 - 2015-12-24 01:38 - 000000637 _____ () C:\Users\djc\AppData\Roaming\pacemaker.ini
2014-11-30 00:12 - 2014-11-30 00:12 - 000000010 _____ () C:\Users\djc\AppData\Roaming\pacemaker_songparams.txt
2018-02-06 20:40 - 2018-03-18 15:44 - 000001275 _____ () C:\Users\djc\AppData\Roaming\SAS7_000.DAT
2015-01-19 23:46 - 2015-09-11 10:46 - 000007168 _____ () C:\Users\djc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-19 08:01

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by djc (25-03-2018 17:00:21)
Running from C:\Users\djc\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-04-18 04:22:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3468514421-691215125-1347498807-500 - Administrator - Disabled)
djc (S-1-5-21-3468514421-691215125-1347498807-1000 - Administrator - Enabled) => C:\Users\djc
Guest (S-1-5-21-3468514421-691215125-1347498807-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3468514421-691215125-1347498807-1002 - Limited - Enabled)
kingd (S-1-5-21-3468514421-691215125-1347498807-1004 - Administrator - Enabled) => C:\Users\kingd
UpdatusUser (S-1-5-21-3468514421-691215125-1347498807-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3468514421-691215125-1347498807-1000\...\uTorrent) (Version: 3.4.2.36615 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazing Resume Creator (HKLM-x32\...\{12B8A383-783C-4A3E-1163-7BF3E5F31D3C}) (Version: 3.1.4 - CareerJimmy, LLC.) Hidden
Amazing Resume Creator (HKLM-x32\...\careerjimmy.arc) (Version: 3.1.4 - CareerJimmy, LLC.)
BioniX Wallpaper Changer v10 (HKU\S-1-5-21-3468514421-691215125-1347498807-1000\...\BioniX Wallpaper Changer v10) (Version: - )
Brain Games - Chess (HKLM-x32\...\ Brain Games - Chess) (Version: - )
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.00 - NCH Software)
DFX (HKLM-x32\...\DFX) (Version: 11.112.0.0 - Power Technology)
Dimension Pro 1.5 (HKLM-x32\...\DimensionPro_x64_is1) (Version: 18.0 - Cakewalk Music Software)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-3468514421-691215125-1347498807-1000\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Security (HKLM\...\{B489BC2D-0079-4631-97BF-CA2378299D43}) (Version: 11.0.159.9 - ESET, spol. s r.o.)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: - NCH Software)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.0 - Toontrack)
Freemake Video Converter version 4.1.10.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10.1 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.1 - Ellora Assets Corporation)
GoToMeeting 8.23.0.8557 (HKU\S-1-5-21-3468514421-691215125-1347498807-1000\...\GoToMeeting) (Version: 8.23.0.8557 - LogMeIn, Inc.)
HP DeskJet 2600 series Basic Device Software (HKLM\...\{8DA7A239-79C2-49FC-826B-DD26A559FF60}) (Version: 43.2.2474.17192 - HP Inc.)
HP DeskJet 2600 series Help (HKLM-x32\...\{9A36A9D9-787C-4E75-914B-CF133FA88FC9}) (Version: 44.0.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{C68BD3B6-3CC4-4871-94D1-3412A571001F}) (Version: 36.0.100.66344 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{763E42DC-F6DB-49E5-AAFD-CC3273F858CB}) (Version: 43.0.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{1E02EFE9-1EDB-4EE4-B02F-1B23C9AF3CD5}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{ADA6C223-3EEA-4CAF-822A-5380A7A40342}) (Version: 36.0.100.66344 - HP)
HP OneDrive Plugin (HKLM-x32\...\{16DB1A9B-1180-43E7-BE29-7201EE339206}) (Version: 36.0.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1F73FB9B-71BC-47F8-8AA6-DA9076E4E52B}) (Version: 43.0.0.0 - HP)
ICND1 100-105 Network Simulator Lite (HKLM-x32\...\ICND1 100-105 Network Simulator Lite) (Version: 4.0.0.4 - Pearson IT Certification)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
M-Audio Delta 6.0.8 (x64) (HKLM\...\{16B2C43D-6C49-4A56-957D-E40CEAA2AC06}) (Version: 6.0.8 - M-Audio)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Melodyne singletrack (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 2.01.0115 - Celemony Software GmbH)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3468514421-691215125-1347498807-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
MSI Afterburner 2.0.0 Beta 4 (HKLM-x32\...\Afterburner) (Version: 2.0.0 Beta 4 - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NETGEAR A6100 Genie (HKLM-x32\...\{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.32 - NETGEAR) Hidden
NETGEAR A6100 Genie (HKLM-x32\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.32 - NETGEAR)
Nitro PDF Professional (HKLM\...\{EBDD81CB-0F14-4A85-9497-82A620C8F746}) (Version: 6.0.0.29 - Nitro PDF Software)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaceMaker plug-in for Winamp (HKLM-x32\...\PaceMaker plug-in) (Version: 2.6 - PaceMaker plug-inc.)
Pearson IT Certification Practice Test (HKLM-x32\...\Pearson IT Certification Practice Test_is1) (Version: 1.0.0.25 - Pearson IT Certification)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 4.00 - NCH Software)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.93 - NCH Software)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 4.01 - NCH Software)
Rapture 1.2.2 (HKLM-x32\...\Rapture_x64_is1) (Version: 18.0 - Cakewalk Music Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0051-0000-1000-0000000FF1CE}_Office15.VISPROR_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
SmartCapture V1.9.2 (HKLM-x32\...\SmartCapture) (Version: - )
Snagit 2018 (HKLM\...\{9FCB7D42-CDC5-4F19-8672-BC3185B25779}) (Version: 18.1.0 - TechSmith Corporation)
SONAR 7 Producer Edition (HKLM-x32\...\SONARProducer_x64_is1) (Version: 15.0 - Cakewalk Music Software)
SONAR X3 Producer (x64) (HKLM-x32\...\SONARX3Producer_x64_is1) (Version: 20.0 - Cakewalk Music Software)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TotalMovieConverter (HKLM-x32\...\Total Movie Converter_is1) (Version: - Helmsman, Inc.)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.00 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.61 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\djc\AppData\Local\Citrix\GoToMeeting\5742\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\djc\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\djc\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\djc\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\djc\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\djc\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3468514421-691215125-1347498807-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers1-x32: [NPShellExtension] -> {D0DC6B97-C6FA-4B42-9649-5891A97E5005} => C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NPShellExtension64.dll [2009-08-11] ()
ContextMenuHandlers1-x32: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2018\DLLx64\SnagitShellExt64.dll [2018-01-25] (TechSmith Corporation)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2018\DLLx64\SnagitShellExt64.dll [2018-01-25] (TechSmith Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-18] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3468514421-691215125-1347498807-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3468514421-691215125-1347498807-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3468514421-691215125-1347498807-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\djc\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A8D9B2-11F0-405C-98B5-E0D7B3C9D372} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {08A8D9B2-11F0-405C-98B5-E0D7B3C9D372} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {08A8D9B2-11F0-405C-98B5-E0D7B3C9D372} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {09E0B341-1C95-4C7A-B15D-B9D72EE76956} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {10557423-1EFB-4290-BC3F-92A01861C102} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3468514421-691215125-1347498807-1000UA => C:\Users\djc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {11C30FA2-A24A-4C1D-A02F-B3A534DE96CA} - System32\Tasks\G2MUpdateTask-S-1-5-21-3468514421-691215125-1347498807-1000 => C:\Users\djc\AppData\Local\GoToMeeting\8557\g2mupdate.exe [2018-03-25] (LogMeIn, Inc.)
Task: {308695FF-6560-4254-83F1-07AE458CC0A9} - System32\Tasks\{CE9DD28D-1CE8-4ADB-8347-B7BD7227E43C} => C:\Windows\system32\pcalua.exe -a "C:\Users\djc\Downloads\Camtasia Studio 8.4.3 Build 1699 Incl Serial\camtasia.exe" -d "C:\Users\djc\Downloads\Camtasia Studio 8.4.3 Build 1699 Incl Serial"
Task: {3091AC12-8CE2-461C-8D75-27A4C21C4EF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {3865EFAB-D8B5-4AEC-8CA3-A93486100BFF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {3865EFAB-D8B5-4AEC-8CA3-A93486100BFF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {38882187-59F4-4A3E-BDAB-40F255FFFA82} - System32\Tasks\G2MUploadTask-S-1-5-21-3468514421-691215125-1347498807-1000 => C:\Users\djc\AppData\Local\GoToMeeting\8557\g2mupload.exe [2018-03-25] (LogMeIn, Inc.)
Task: {69487ED8-7F7F-4442-AADF-9672DAE34106} - System32\Tasks\{0A467D9C-C473-49E7-AB18-08D001EFC5FA} => C:\Windows\system32\pcalua.exe -a D:\Setup.EXE -d D:\
Task: {BBF92571-010A-4844-8984-B088B834919B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DFEB2872-FABE-4D0B-A00E-64EFE0D4B0E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EBF21B20-0B0E-4BBB-A4A7-4DD01B6041BF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3468514421-691215125-1347498807-1000Core => C:\Users\djc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {F176CAF3-AD5E-43F2-86C4-EB52E513FD33} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {F176CAF3-AD5E-43F2-86C4-EB52E513FD33} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3468514421-691215125-1347498807-1000Core.job => C:\Users\djc\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3468514421-691215125-1347498807-1000UA.job => C:\Users\djc\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3468514421-691215125-1347498807-1000.job => C:\Users\djc\AppData\Local\GoToMeeting\8557\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3468514421-691215125-1347498807-1000.job => C:\Users\djc\AppData\Local\GoToMeeting\8557\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\djc\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2013-04-24 21:08 - 2013-01-18 11:00 - 000087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-03-18 06:13 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-18 06:13 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 008898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-07 10:17 - 2016-01-07 10:17 - 000094208 _____ () C:\Program Files (x86)\NETGEAR\A6100\Realtek.dll
2012-11-06 10:47 - 2012-11-06 10:47 - 000114688 _____ () C:\Program Files (x86)\NETGEAR\A6100\EnumDevLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [261]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3468514421-691215125-1347498807-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\djc\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.100.74 - 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR A6100 Genie.lnk => C:\Windows\pss\NETGEAR A6100 Genie.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^djc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^djc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Cartridge Alerts - HP DJ 2600 series.lnk => C:\Windows\pss\Monitor Cartridge Alerts - HP DJ 2600 series.lnk.Startup
MSCONFIG\startupfolder: C:^Users^djc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartCapture.lnk => C:\Windows\pss\SmartCapture.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bionix Wallpaper 10 => "C:\BioniX Wallpaper\Bionix Wallpaper 10.exe"
MSCONFIG\startupreg: Chromium => "c:\users\djc\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: DFX => C:\Program Files (x86)\DFX\DFX.exe -startup
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
MSCONFIG\startupreg: Dropbox Update => "C:\Users\djc\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\DeltaIITray.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TechSmithSnagit => "C:\Program Files\TechSmith\Snagit 2018\Snagit32.exe" /i
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99FDFAFF-B82A-4FC0-8AAA-F71EEB71047A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{68BF88CC-337F-4AEC-97BE-8823245617F2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{623D4073-616D-4F4C-81B5-DE7C703271D4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4376FC13-1CB1-4A68-80A5-FAB962A2DB45}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{09CB6C8A-7491-4782-8F05-6C4F8FB570A7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0C396304-05B9-41A9-9D3D-09828DF35216}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4C1B9A9C-5E21-4C6E-95CA-D02B7ED58DFC}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{8FA6DD7B-2F9D-4190-82A2-06FF40DECAF4}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{92411C7D-F9F3-4FB5-BB70-3AD30511FF1F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{7B4A660C-47AE-4269-9658-D86C0E993063}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{98D5BE39-B795-471F-9CD4-20D601FEB197}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{8CEA748C-2DAF-491E-9489-D8F181DC3695}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{6A9135CD-992A-4A85-A960-D6835C51837A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5064D3E5-F6F0-4424-B530-CE1D517FF0FD}] => (Allow) C:\Users\djc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9FD655CD-9DEA-4283-B7DD-930D4E4ED977}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BDCC53F5-3E5C-41C2-A0FD-9E5F1787EA86}] => (Allow) LPort=2869
FirewallRules: [{99609307-CCD2-4C63-A038-DE3B70A73D92}] => (Allow) LPort=1900
FirewallRules: [{291628B5-AA3C-43FA-AAEC-0CE14C867ECC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{02B9E0B0-C310-40E0-99F4-BBF6984435AD}] => (Allow) C:\Users\djc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A1EB3091-36B5-44F6-92C5-283E3E36EC94}] => (Allow) C:\Users\djc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{20B8D728-FBC9-40D4-8A91-272B59851360}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{97F5C58F-A147-401D-87C0-D0D5743EB4C2}] => (Allow) C:\Users\djc\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9CC7C398-4E68-4BCD-821B-D6436660FC6E}] => (Allow) C:\Users\djc\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1AE3C6C4-7998-4F0F-BC1C-3FF554C190FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A3BEBAA-644D-490A-AD93-17CC18C797E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{668EBB14-C435-4808-B0BA-18FCCA1FB9E2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BBECB519-57A0-4B5A-8980-835007300AB1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F25A2C8B-56BA-494C-8BA0-3DC5491F55F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5BC4FB74-7F0D-4850-AB4D-F6A0BE3170A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D223B641-6678-4DA4-9AF5-31C9E7207778}C:\users\djc\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\djc\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C700A5D1-8A62-473F-8126-EFF688E53E11}C:\users\djc\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\djc\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{25799161-F1AB-4EF6-AECB-92C9321AA3CF}E:\backups\3cdaemon\3cdaemon.exe] => (Allow) E:\backups\3cdaemon\3cdaemon.exe
FirewallRules: [UDP Query User{FEEF2E07-545A-4E44-972D-A5EDC4DEA15E}E:\backups\3cdaemon\3cdaemon.exe] => (Allow) E:\backups\3cdaemon\3cdaemon.exe
FirewallRules: [{0AAA7F81-3BEC-4DD1-B308-65AEF349CF2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D2CB76DA-44FB-4362-B0AF-75BCD69444FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A4C9A59D-0ADB-47C4-A0DC-CE5BF336807E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D52990E8-E3FB-4116-A691-7233E1CD3B2B}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\bin\DigitalWizards.exe
FirewallRules: [{54CB3F24-EBB5-4A98-8ACF-46FAC1FDFDC6}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\DeviceSetup.exe
FirewallRules: [{3A38A524-CA68-4F24-AAF1-6C6F47AD15A7}] => (Allow) LPort=5357
FirewallRules: [{8477AA7F-ED50-4901-BCC2-4C93703201D2}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FC465F33-FA40-4FD4-B1E8-DDC935E6706C}] => (Allow) LPort=8298
FirewallRules: [{83373EA9-08E3-4890-BD10-3468B68B6387}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{08158CA2-63E5-4689-A6A6-48B295700326}C:\users\djc\desktop\3cdaemon\3cdaemon.exe] => (Block) C:\users\djc\desktop\3cdaemon\3cdaemon.exe
FirewallRules: [UDP Query User{9C6D1953-90FC-4DEC-AF40-9C98CC8CDEEB}C:\users\djc\desktop\3cdaemon\3cdaemon.exe] => (Block) C:\users\djc\desktop\3cdaemon\3cdaemon.exe

==================== Restore Points =========================

16-03-2018 00:00:05 Scheduled Checkpoint
16-03-2018 19:11:20 Removed Fitbit Connect

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2018 07:47:46 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-03-23T13:34:46Z. Error Code: 0x80041321.

Error: (03/23/2018 07:39:52 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-03-23T13:33:52Z. Error Code: 0x80041321.

Error: (03/22/2018 09:02:48 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-03-23T02:56:48Z. Error Code: 0x80041321.

Error: (03/22/2018 07:02:48 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-03-23T00:56:48Z. Error Code: 0x80041321.

Error: (03/22/2018 05:56:13 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-03-22T23:50:13Z. Error Code: 0x80041321.

Error: (03/22/2018 03:32:53 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/22/2018 02:33:14 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-03-22T20:27:14Z. Error Code: 0x80041321.

Error: (03/22/2018 12:33:14 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-03-22T18:27:14Z. Error Code: 0x80041321.


System errors:
=============
Error: (03/25/2018 04:02:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (03/25/2018 04:01:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/25/2018 03:57:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/25/2018 03:57:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/25/2018 03:57:39 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/25/2018 03:57:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/25/2018 03:57:25 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/25/2018 03:57:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Windows Defender:
===================================
Date: 2015-05-06 03:17:04.937
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{0034B01D-EC05-4D14-93D8-66977832DF3C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2014-10-30 06:39:13.953
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{15D42ADB-13D8-4FA0-A6E8-C88A68988AB2}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2014-08-22 04:38:43.234
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/SquareNet&threatid=204428
Name:SoftwareBundler:Win32/SquareNet
ID:204428
Severity:Severe
Category:Software Bundler
Path Found:file:C:\ProgramData\NetworkHostTask\vmhost.exe.download;file:C:\ProgramData\Online\sv.exe;file:C:\Users\djc\AppData\Roaming\device\d.exe;file:C:\Users\djc\AppData\Roaming\device\r.txt;file:C:\Users\djc\AppData\Roaming\device\t.txt;file:C:\Users\djc\AppData\Roaming\serv\download.dat;folder:C:\ProgramData\NetworkHostTask\;folder:C:\ProgramData\Online\;folder:C:\Users\djc\AppData\Roaming\device\;folder:C:\Users\djc\AppData\Roaming\serv\;process:pid:1764,ProcessStart:130531481886644422;regkey:HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}\1.0;regkey:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}\1.0;service:NetworkHostSrv;typelib:HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435};typelib:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435};typelibversion:HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}\1.0;typelibversion:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF2
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2014-08-21 22:33:26.401
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/SquareNet&threatid=204428
Name:SoftwareBundler:Win32/SquareNet
ID:204428
Severity:Severe
Category:Software Bundler
Path Found:file:C:\ProgramData\NetworkHostTask\vmhost.exe.download;file:C:\ProgramData\Online\sv.exe;file:C:\Users\djc\AppData\Roaming\device\d.exe;folder:C:\ProgramData\NetworkHostTask\;folder:C:\ProgramData\Online\;folder:C:\Users\djc\AppData\Roaming\device\;folder:C:\Users\djc\AppData\Roaming\serv\;process:pid:1764,ProcessStart:130531481886644422;regkey:HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}\1.0;regkey:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}\1.0;service:NetworkHostSrv;typelib:HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435};typelib:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435};typelibversion:HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}\1.0;typelibversion:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}\1.0
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2014-08-21 22:33:05.788
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/SquareNet&threatid=204428
Name:SoftwareBundler:Win32/SquareNet
ID:204428
Severity:Severe
Category:Software Bundler
Path Found:file:C:\ProgramData\Online\sv.exe;process:pid:1764,ProcessStart:130531481886644422
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2017-01-30 08:00:02.215
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80508001
Error description:A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Signature version:1.205.797.0
Engine version:1.1.12002.0

CodeIntegrity:
===================================

Date: 2015-03-09 23:51:38.883
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 23:51:38.882
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 23:51:38.880
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 23:51:38.818
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 23:51:38.814
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 23:51:38.811
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 23:51:38.760
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 23:51:38.756
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 965 Processor
Percentage of memory in use: 67%
Total physical RAM: 4093.55 MB
Available physical RAM: 1329.56 MB
Total Virtual: 8185.31 MB
Available Virtual: 4412.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:66.61 GB) NTFS
Drive e: (2TB 0) (Fixed) (Total:1863.01 GB) (Free:368.87 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (2TB 1) (Fixed) (Total:1863.01 GB) (Free:462.93 GB) NTFS
Drive h: () (Fixed) (Total:465.66 GB) (Free:375.59 GB) NTFS

\\?\Volume{a91eac57-a7db-11e2-a819-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A175A83F)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 36A55739)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: E980D1C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A175A83E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 27 March 2018 - 07:43 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:07 PM

Posted 27 March 2018 - 07:31 PM

Greetings maddbassist and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please be sure to edit out all offensive information contained in any of the information you post on the site. I modified your latest reports to remove the items.

Please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply

Edited by Oh My!, 27 March 2018 - 07:56 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 30 March 2018 - 09:38 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.


#6 Oh My!

Posted 01 April 2018 - 08:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#7 Oh My!

Posted 03 April 2018 - 08:11 PM

This topic has been re-opened at the request of the person who originally posted.

#8 maddbassist

Posted 04 April 2018 - 07:14 AM

Here is my CKScan output as requested...

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\cakewalk content\audio library\loops\loopmasters\house techno trance\john flemming and digital blonde\00db_tamb_cracking-dry_133.rx2
c:\cakewalk content\audio library\loops\sample magic\breakbusters\breaks_synthloop_130_digicrackler_f.rx2
c:\cakewalk content\audio library\loops\sample magic\nu-rave\nr_syn130_crackline2_gb.rx2
c:\program files\cakewalk\vstplugins\rxp\contents\loopmasters\rex loops\house techno trance\john flemming and digital blonde\00db_tamb_cracking-dry_133.rx2
c:\program files\cakewalk\vstplugins\rxp\contents\sample magic\rex loops\house techno trance\john flemming and digital blonde\00db_tamb_cracking-dry_133.rx2
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack1.flac
scanner sequence 3.ZZ.11.TKLBU0
 ----- EOF -----
 



#9 Oh My!

  • Malware Response Instructor

Posted 04 April 2018 - 09:26 AM

Greetings Dan.

Thank you for the information.

When you try to end a process, are you getting an Access denied error or something else? Confirm that you are currently unable to stop all non-Microsoft processes as well.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3468514421-691215125-1347498807-1000\...\MountPoints2: {a91eac5b-a7db-11e2-a819-806e6f6e6963} - D:\setup.exe
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\D:\NTACCESS_64.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [261]
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 maddbassist


Posted 05 April 2018 - 07:31 AM

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by djc (05-04-2018 08:15:28) Run:1
Running from C:\Users\djc\Downloads
Loaded Profiles: djc & UpdatusUser (Available Profiles: djc & UpdatusUser & kingd)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3468514421-691215125-1347498807-1000\...\MountPoints2: {a91eac5b-a7db-11e2-a819-806e6f6e6963} - D:\setup.exe
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\D:\NTACCESS_64.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [261]
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3468514421-691215125-1347498807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91eac5b-a7db-11e2-a819-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{a91eac5b-a7db-11e2-a819-806e6f6e6963} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => removed successfully
"HKLM\Software\Classes\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => removed successfully
"HKLM\System\CurrentControlSet\Services\GMSIPCI" => removed successfully
GMSIPCI => service removed successfully
"HKLM\System\CurrentControlSet\Services\NTACCESS" => removed successfully
NTACCESS => service removed successfully
"HKLM\System\CurrentControlSet\Services\SetupNTGLM7X" => removed successfully
SetupNTGLM7X => service removed successfully
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully
Synth3dVsc => service removed successfully
"HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully
tsusbhub => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
C:\Windows => ":AstInfo" ADS removed successfully
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 117921840 B
Java, Flash, Steam htmlcache => 35051 B
Windows/system/drivers => 486831400 B
Edge => 0 B
Chrome => 862156 B
Firefox => 412977954 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 97597965 B
systemprofile32 => 66356 B
LocalService => 132244 B
NetworkService => 901144 B
djc => 2189644463 B
UpdatusUser => 0 B
kingd => 50620 B

RecycleBin => 58372308 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:18:21 ====

 

Answers...

 

I get Action could not be completed, Access is denied when I try to shutdown processes.

 

Also, I haven't used the uTorrent app in a long time, will gladly remove it. Just remove in Programs in Control Panel, or is there another method you would recommend?

 

Thank you for your help G.
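Added example, not part of the original post and not part of FRST: a short Python check a helper could run over a pasted Fixlog to tally what was removed, flag entries reported as "not found", and reconcile the EmptyTemp byte counts with the reported total. The function name `review_fixlog` is hypothetical, the line patterns are inferred only from the Fixlog above, and 1 GB is assumed to mean 2^30 bytes.

```python
import re

# Excerpt of the Fixlog posted above (result lines shortened to a few entries;
# EmptyTemp lines with 0 B omitted, all non-zero byte lines kept).
FIXLOG = r'''
"HKLM\System\CurrentControlSet\Services\GMSIPCI" => removed successfully
GMSIPCI => service removed successfully
HKLM\Software\Classes\CLSID\{a91eac5b-a7db-11e2-a819-806e6f6e6963} => not found
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 117921840 B
Java, Flash, Steam htmlcache => 35051 B
Windows/system/drivers => 486831400 B
Chrome => 862156 B
Firefox => 412977954 B
systemprofile => 97597965 B
systemprofile32 => 66356 B
LocalService => 132244 B
NetworkService => 901144 B
djc => 2189644463 B
kingd => 50620 B
RecycleBin => 58372308 B
EmptyTemp: => 3.1 GB temporary data Removed.
'''

RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.*)$')
BYTES = re.compile(r'^(\d+) B$')
TOTAL = re.compile(r'^([\d.]+) GB temporary data Removed\.$')

def review_fixlog(text):
    """Return (outcomes by category, bytes freed, reported total in GB)."""
    outcomes = {"removed": [], "not_found": [], "other": []}
    freed, reported_gb = 0, None
    for raw in text.splitlines():
        m = RESULT.match(raw.strip())
        if not m:
            continue  # headers, separators and blank lines
        target, outcome = m["target"].strip('"'), m["outcome"]
        if (b := BYTES.match(outcome)):
            freed += int(b[1])               # per-location EmptyTemp size
        elif (t := TOTAL.match(outcome)):
            reported_gb = float(t[1])        # the tool's own summary line
        elif outcome.endswith("removed successfully"):
            outcomes["removed"].append(target)
        elif outcome == "not found":
            outcomes["not_found"].append(target)
        else:
            outcomes["other"].append(raw.strip())  # anything needing a human look
    return outcomes, freed, reported_gb
```

Anything that lands in "other", or a byte sum that does not round to the reported total, is a cue to read that part of the log by hand.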



#11 Oh My!


Posted 05 April 2018 - 01:05 PM

Greetings.

Yes, you can remove uTorrent via Control Panel.

Please do this.
  • Open Task Manager and confirm dgnsvc.exe is listed under the Processes tab of Task Manager
  • Click Start, type cmd, right click on cmd above and select Run as administrator
  • Confirm the top bar says Administrator: C:\Windows\System32\cmd.exe
  • Type taskkill /f /im dgnsvc.exe and hit Enter
  • Tell me if the process stopped
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#12 maddbassist


Posted 05 April 2018 - 05:35 PM

dgnsvc.exe is not in the process list...



#13 Oh My!


Posted 05 April 2018 - 06:10 PM

Please replace dgnsvc.exe with one of the non-Microsoft processes you do see that you are unable to stop.


Edited by Oh My!, 05 April 2018 - 06:55 PM.

Gary
 

#14 maddbassist


Posted 06 April 2018 - 12:38 PM

I am able to stop processes now :)  I just tried services for the hay of it, but can't stop running processes. Is that normal? Computer is running better...



#15 Oh My!


Posted 06 April 2018 - 01:33 PM

There are certain Services that are protected and you are not able to stop them.

Are you experiencing any other "Administrator" type issues where it seems you lack permissions?
Gary
 