64-bit Operating System, x64-based processor
Windows 10
I was playing tankionline.com when a strange Chrome update request popped up. I tried to close it but could not. I tried to close the entire window when another window popped up.
I tried closing that window when Windows notifications started alerting me of a virus and Windows' intentions of removing it. It was late, so I shut down the machine.
Today when I look at installed 'Programs and Features', "BingProvidedSearch" shows up at the top of the list (installed on 15/08/2016 (installed today)).
In 'Task Manager' 'Startup', "ProductUpdater" is also listed, and my Google searches do not look promising for this either.
I have pasted the logs below.
*** FRST.txt ***
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Eva (administrator) on HENRY-PC (15-08-2016 19:00:40)
Running from C:\Users\Eva\Desktop
Loaded Profiles: Eva & postgres (Available Profiles: HENRY & Eva & postgres & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Eva\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SmartScreenSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [372232 2016-06-10] (Sage)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2372800 2014-11-26] (Microsoft Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23546672 2016-08-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-19] ()
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\Run: [Spotify Web Helper] => C:\Users\Eva\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-05] (Spotify Ltd)
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\Run: [Spotify] => C:\Users\Eva\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-05] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{4471eb47-7262-43c2-9d25-fcb4fdd4a1f9}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{b759b702-5312-4a99-aa79-72e16c9fb308}: [DhcpNameServer] 209.91.107.11 209.121.225.11
Tcpip\..\Interfaces\{b9d371f6-bd4f-4aa3-b1e1-399908959482}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{c22fc63b-0edb-463b-8e6b-1817b8b657b8}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> DefaultScope {AAE01011-C803-40C8-B932-1F086BF9BBFD} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> {AAE01011-C803-40C8-B932-1F086BF9BBFD} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-09] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-09] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-09] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\5aysy0h3.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo! Powered
FF SelectedSearchEngine: Yahoo! Powered
FF Homepage: hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-460736838-1080885726-4207931419-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eva\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-460736838-1080885726-4207931419-1002: vsee.com/VSeeDetection -> C:\Users\Eva\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2015-12-18] (VSee Lab)
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\5aysy0h3.default\searchplugins\yahoo! powered.xml [2016-07-24]
FF Extension: FlashGot - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\5aysy0h3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-07-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Google Docs) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Rapport) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-09]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-460736838-1080885726-4207931419-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-460736838-1080885726-4207931419-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-11-26] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950856 2016-07-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-07-23] (Microsoft Corporation) [File not signed]
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
S3 Sage 50 Transaction Manager 2015 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2015 - CDN\Sage_SA.TransactionManager.exe [35848 2015-12-10] (Sage)
S3 Sage 50 Transaction Manager 2016 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2016 - CDN\Sage_SA.TransactionManager.exe [35848 2016-06-10] (Sage)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [25608 2016-06-10] (Sage)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-08-10] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-07-11] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3870464 2015-10-01] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-15 19:00 - 2016-08-15 19:01 - 00027665 _____ C:\Users\Eva\Desktop\FRST.txt
2016-08-15 19:00 - 2016-08-15 19:00 - 00000000 ____D C:\Users\Eva\Desktop\FRST-OlderVersion
2016-08-15 19:00 - 2016-08-15 19:00 - 00000000 ____D C:\FRST
2016-08-15 18:47 - 2016-08-15 19:00 - 02394624 _____ (Farbar) C:\Users\Eva\Desktop\FRST64.exe
2016-08-15 18:39 - 2016-08-15 18:39 - 00041527 _____ C:\Users\Eva\Downloads\Addition.txt
2016-08-15 18:30 - 2016-08-15 18:30 - 00000000 ___HD C:\OneDriveTemp
2016-08-15 00:12 - 2016-08-15 18:29 - 00000000 ____D C:\Users\Eva\AppData\Local\{291A1F46-0DB2-73FE-602A-56164442AA8E}
2016-08-15 00:12 - 2016-08-15 00:12 - 02415123 _____ C:\Users\Eva\AppData\Roaming\sb953.dat
2016-08-15 00:12 - 2016-08-15 00:12 - 00000000 ____D C:\Users\Eva\AppData\Local\cico
2016-08-12 18:35 - 2016-08-12 18:35 - 02131936 _____ (Irfan Skiljan) C:\Users\Eva\Downloads\iview442_setup.exe
2016-08-12 18:32 - 2016-08-12 18:32 - 00930888 _____ C:\Users\Eva\Downloads\Annual Permits.tiff
2016-08-09 19:46 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 19:46 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 19:46 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 19:46 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 19:46 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 19:46 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 19:46 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 19:46 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 19:46 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 19:46 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 19:46 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 19:46 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 19:46 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 19:46 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 19:46 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 19:46 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 19:46 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 19:46 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 19:46 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 19:46 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 19:46 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 19:46 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 19:46 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 19:46 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 19:46 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 19:46 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 19:46 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 19:46 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 19:46 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 19:46 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 19:46 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 19:46 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 19:46 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 19:46 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 19:46 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 19:46 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 19:46 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 19:46 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 19:46 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 19:46 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 19:46 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 19:46 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 19:46 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 19:46 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 19:46 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 19:46 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 19:46 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 19:46 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 19:46 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 19:46 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 19:46 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 19:46 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 19:46 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 19:46 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 19:46 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 19:46 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 19:46 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 19:46 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 19:46 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 19:46 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 19:46 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 19:46 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 19:46 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 19:46 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 19:46 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 19:46 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 19:46 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 19:46 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 19:46 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 19:46 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 19:46 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 19:46 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 19:46 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 19:46 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 19:46 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 19:46 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 19:46 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 19:46 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 19:46 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 19:46 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 19:46 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 19:46 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 19:46 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 19:46 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 19:46 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 19:46 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 19:46 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 19:46 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 19:46 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 19:46 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 19:46 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 19:46 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 19:46 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 19:46 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 19:46 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 19:46 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 19:46 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 19:46 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 19:46 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 19:46 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 19:46 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 19:46 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 19:46 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 19:45 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 19:45 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 19:45 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 19:45 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 19:45 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 19:45 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 19:45 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 19:45 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 19:45 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 19:45 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 19:45 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 19:45 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 19:45 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 19:45 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 19:45 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 19:45 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 19:45 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 19:45 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 19:45 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 19:45 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 19:45 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 19:45 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 19:45 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 19:45 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 19:45 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 19:45 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-05 10:44 - 2016-08-05 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-28 20:28 - 2016-07-28 20:28 - 00018381 _____ C:\Users\Eva\Downloads\GDP by Industry.xlsx
2016-07-24 23:49 - 2016-07-25 06:36 - 00000000 ____D C:\Users\Eva\Downloads\Flashgot
2016-07-24 23:12 - 2016-08-15 00:12 - 00000153 _____ C:\Users\Eva\AppData\Roaming\WB.CFG
2016-07-24 22:12 - 2016-08-15 00:12 - 00000284 _____ C:\WINDOWS\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job
2016-07-24 22:12 - 2016-07-24 22:12 - 00002824 _____ C:\WINDOWS\System32\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}
2016-07-24 22:11 - 2016-08-15 00:12 - 00000344 __RSH C:\ProgramData\ntuser.pol
2016-07-24 22:11 - 2016-08-15 00:11 - 00000992 _____ C:\WINDOWS\Tasks\Yahoo! Powered titil.job
2016-07-24 22:11 - 2016-08-15 00:11 - 00000000 ____D C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}
2016-07-24 22:11 - 2016-08-10 19:11 - 00000000 ____D C:\Users\Eva\AppData\Roaming\{7CE34A58-59B1-272E-3287-00FCEE55FDC2}
2016-07-24 22:11 - 2016-07-24 22:12 - 00000000 ____D C:\Users\Eva\Documents\Freemake
2016-07-24 22:11 - 2016-07-24 22:11 - 00004066 _____ C:\WINDOWS\System32\Tasks\Yahoo! Powered titil
2016-07-24 22:11 - 2016-07-24 22:11 - 00002539 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-07-24 22:11 - 2016-07-24 22:11 - 00001393 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-07-24 22:11 - 2016-07-24 22:11 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2016-07-24 22:11 - 2016-07-24 22:11 - 00000000 ____D C:\Users\Eva\AppData\Local\Setup900792828
2016-07-24 22:11 - 2016-07-24 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2016-07-24 22:11 - 2016-07-24 22:11 - 00000000 ____D C:\ProgramData\Freemake
2016-07-24 22:10 - 2016-07-24 22:12 - 00000000 ____D C:\Users\Eva\AppData\Local\ceri
2016-07-24 22:10 - 2016-07-24 22:12 - 00000000 ____D C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}
2016-07-24 22:10 - 2016-07-24 22:11 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-07-24 22:08 - 2016-07-24 22:08 - 01866512 _____ (Ellora Assets Corporation ) C:\Users\Eva\Downloads\FreemakeVideoConverterSetup.exe
2016-07-24 21:39 - 2016-07-24 21:49 - 00000000 ____D C:\Users\Eva\AppData\Local\CrashDumps
2016-07-24 21:39 - 2016-07-24 21:40 - 00000000 ____D C:\Users\Eva\AppData\Roaming\NVIDIA
2016-07-24 21:36 - 2016-07-24 21:36 - 00001988 _____ C:\Users\Eva\Desktop\Resolve.lnk
2016-07-24 21:36 - 2016-07-24 21:36 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2016-07-24 21:36 - 2016-07-24 21:36 - 00000000 ____D C:\ProgramData\Blackmagic Design
2016-07-24 21:36 - 2016-07-24 21:36 - 00000000 ____D C:\Program Files\Blackmagic Design
2016-07-24 21:35 - 2016-07-24 21:35 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2016-07-24 21:35 - 2016-07-24 21:35 - 00000000 _SHDL C:\Users\postgres\My Documents
2016-07-24 21:35 - 2016-07-24 21:35 - 00000000 _SHDL C:\Users\postgres\Documents\My Videos
2016-07-24 21:35 - 2016-07-24 21:35 - 00000000 _SHDL C:\Users\postgres\Documents\My Pictures
2016-07-24 21:35 - 2016-07-24 21:35 - 00000000 _SHDL C:\Users\postgres\Documents\My Music
2016-07-24 21:35 - 2016-04-20 04:13 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
2016-07-24 21:35 - 2016-04-20 04:13 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Macromedia
2016-07-24 21:35 - 2016-04-20 04:13 - 00000000 ____D C:\Users\postgres\AppData\Local\Trusteer
2016-07-24 21:35 - 2016-04-20 04:13 - 00000000 ____D C:\Users\postgres\AppData\Local\Microsoft Help
2016-07-24 21:35 - 2014-09-20 12:21 - 00002100 _____ C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-07-24 21:33 - 2016-08-14 02:12 - 00000000 ____D C:\Users\postgres
2016-07-24 21:33 - 2016-07-24 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.2
2016-07-24 21:31 - 2016-07-24 21:31 - 00000000 ____D C:\Program Files\PostgreSQL
2016-07-24 21:29 - 2016-06-07 21:06 - 458277816 ____N (Blackmagic Design) C:\Users\Eva\Downloads\DaVinci_Resolve_12.5_Windows.exe
2016-07-24 20:21 - 2016-07-24 20:29 - 00000000 ____D C:\Users\Eva\AppData\Local\Mozilla
2016-07-24 20:21 - 2016-07-24 20:22 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Mozilla
2016-07-24 20:21 - 2016-07-24 20:21 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-24 20:21 - 2016-07-24 20:21 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-24 20:21 - 2016-07-24 20:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-24 20:21 - 2016-07-24 20:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-24 20:19 - 2016-07-24 20:20 - 00242120 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 47.0.1.exe
2016-07-24 20:18 - 2016-07-24 20:22 - 457623546 _____ C:\Users\Eva\Downloads\DaVinci_Resolve_12.5_Windows.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-15 18:46 - 2014-09-13 10:47 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 18:34 - 2015-12-23 17:58 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F1A4D66-7CAA-47C5-89FE-139D441F5158}
2016-08-15 18:32 - 2014-10-06 09:09 - 00000000 ___RD C:\Users\Eva\Dropbox
2016-08-15 18:31 - 2015-09-25 14:45 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Spotify
2016-08-15 18:30 - 2015-09-25 14:46 - 00000000 ____D C:\Users\Eva\AppData\Local\Spotify
2016-08-15 18:30 - 2015-09-24 16:22 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-15 18:30 - 2014-09-20 12:21 - 00000000 ___RD C:\Users\Eva\OneDrive
2016-08-15 18:30 - 2014-09-13 10:47 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-14 23:34 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-14 23:27 - 2015-09-24 16:22 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-14 03:08 - 2016-04-20 04:06 - 00000000 ____D C:\Users\Eva
2016-08-14 02:21 - 2013-09-25 16:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-14 02:18 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-14 02:12 - 2016-04-20 04:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-14 02:12 - 2016-02-13 06:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-10 13:15 - 2016-02-13 06:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 11:50 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 11:25 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 11:01 - 2013-09-20 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-08-10 11:00 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-10 02:19 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-10 02:18 - 2016-02-13 06:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 02:18 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 02:18 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 20:58 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-09 20:58 - 2013-09-18 15:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 20:51 - 2013-09-18 15:31 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 19:32 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-09 19:29 - 2013-09-19 14:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-08 17:48 - 2015-08-06 21:51 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 17:48 - 2014-09-13 10:47 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 10:44 - 2015-09-24 16:22 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-04 15:02 - 2014-04-25 12:32 - 00000000 ____D C:\Users\Eva\AppData\Local\Adobe
2016-07-28 19:41 - 2014-09-13 10:47 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 19:41 - 2014-09-13 10:47 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-24 22:10 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-07-24 22:10 - 2009-07-13 20:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-07-24 21:39 - 2015-07-28 13:00 - 00000000 ____D C:\Users\Eva\Documents\Henry
==================== Files in the root of some directories =======
2016-08-15 00:12 - 2016-08-15 00:12 - 2415123 _____ () C:\Users\Eva\AppData\Roaming\sb953.dat
2016-07-24 23:12 - 2016-08-15 00:12 - 0000153 _____ () C:\Users\Eva\AppData\Roaming\WB.CFG
2016-04-20 04:02 - 2016-04-20 04:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Windows\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job
Some files in TEMP:
====================
C:\Users\Eva\AppData\Local\Temp\FreemakeVideoConverterFull.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-13 10:29
==================== End of FRST.txt ============================
*** Addition.txt ***
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Eva (15-08-2016 19:01:40)
Running from C:\Users\Eva\Desktop
Windows 10 Pro Version 1511 (X64) (2016-04-20 11:31:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-460736838-1080885726-4207931419-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-460736838-1080885726-4207931419-503 - Limited - Disabled)
Eva (S-1-5-21-460736838-1080885726-4207931419-1002 - Administrator - Enabled) => C:\Users\Eva
Guest (S-1-5-21-460736838-1080885726-4207931419-501 - Limited - Disabled)
HENRY (S-1-5-21-460736838-1080885726-4207931419-1000 - Administrator - Enabled) => C:\Users\HENRY
HomeGroupUser$ (S-1-5-21-460736838-1080885726-4207931419-1004 - Limited - Enabled)
postgres (S-1-5-21-460736838-1080885726-4207931419-1005 - Limited - Enabled) => C:\Users\postgres
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.4.167.0 - Microsoft Corporation)
BingProvidedSearch (HKLM-x32\...\BingProvidedSearch) (Version: - )
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - Canon Inc.)
DaVinci Resolve (HKLM\...\{5BE8D9B2-D7B5-4059-B9F3-BA984FD2E552}) (Version: 12.5.0052 - Blackmagic Design)
Dropbox (HKLM-x32\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ESRI ArcPad 7.1 (HKLM-x32\...\ESRI ArcPad 7.1) (Version: - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.98 - Etron Technology) Hidden
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Loggers Edge (HKLM-x32\...\{0CCF7918-8217-45F3-9E45-8EB231178045}) (Version: 4.9.2 - Caribou Software)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7070.2033 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{6A85286D-BA0F-4318-8C30-AD74A33AAD36}) (Version: 3.51.28 - Oracle Corporation)
MySQL Connector/ODBC 5.2(a) (HKLM-x32\...\{6BAA9A62-1520-4063-A5B4-FFB3D6EC62BB}) (Version: 5.2.4 - Oracle Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
PostgreSQL 9.2 (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1609.76 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Sage 50 Accounting (x32 Version: 22.30.1001 - Sage Software) Hidden
Sage 50 Accounting (x32 Version: 23.10.1001 - Sage Software) Hidden
Sage 50 Accounting Version 2015 (HKLM-x32\...\InstallShield_{1585982E-766D-476A-BF0D-5FE4A1C1BE9F}) (Version: 22.30.1001 - Sage Software)
Sage 50 Accounting Version 2016 (HKLM-x32\...\InstallShield_{3F4F1778-F87C-4B08-BCE6-1BF3E42F26BD}) (Version: 23.10.1001 - Sage Software)
Sage 50 EFT Direct 2013 (HKLM-x32\...\{24264F52-AC06-4097-92BB-963B88132F32}) (Version: 2013 - Sage Software)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
Unity Web Player (HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
VSee (HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\VSee) (Version: 3.1.3.22680 - VSee Lab Inc)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Yahoo! Powered (HKLM-x32\...\winsearch) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-460736838-1080885726-4207931419-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Eva\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04601ED0-20CA-46E9-A6F5-8A0B598B6B15} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {051B0BE3-CB42-4A2A-A121-95E2326E6905} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {05344639-00AA-460E-AC60-5ED54116871F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0D371FB2-D67C-41BE-89BC-015B57EB9010} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {10AA1049-988E-4825-B152-9F74EE2B7D6D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {20F0A9DC-6EDE-4E74-996C-456964B1381C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {24859493-3000-4E41-8DA7-F7BB693E2288} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2BB38784-BED5-4157-A3C4-767D0D2893B3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2E58BA30-1440-4FB3-B51B-BE912C1D1467} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {33701670-AFE4-4927-96CC-760C515FFCF7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {34BC0C3F-8224-4FB8-AA62-E802401D5A2A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3992FC68-7E93-461C-8B83-C84C87F2956F} - System32\Tasks\HENRY Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {3D6F0567-D1E4-42AB-ABD6-FB0889D5AF97} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {44E39C71-15B1-4A3B-B280-64848596AF09} - System32\Tasks\AdobeAAMUpdater-1.0-HENRY-PC-Eva => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {45EC807C-9A04-46CE-A3AD-9C525C97612D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4833966E-E8F3-4947-8892-02607BFD9ADE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4875EA4F-95CC-4B3F-9664-E5DBA9CC8B14} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {6DEB75E7-C346-4960-A244-A3591C9C7179} - System32\Tasks\HENRY => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {78F538BC-513F-474B-B54E-4C410876A879} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7933B59A-D8C4-4D18-9A72-446FD6584436} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7E3242EB-0899-48D8-84B4-5530029FB4C8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {811511DF-067D-4F8C-9255-394A04463141} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {880A5C37-0AF3-44DB-95AD-986262BE99B9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8DF532FF-8AD8-4F44-9322-53B7D65F4B53} - System32\Tasks\{ED078EDC-2AD6-4EC3-A2B9-47F1CAE94EFB} => pcalua.exe -a C:\Users\HENRY\Downloads\AdobeAcrobatPro.exe -d C:\Users\HENRY\Downloads
Task: {8EE95191-38DD-4100-84C8-6988A5C800E8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-24] (Dropbox, Inc.)
Task: {8F6AF491-EC19-4C55-BDAE-B4038E2FF290} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {8FCCD9C5-DC60-4A2B-B5A1-7ADC61B839EE} - System32\Tasks\HENRY DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)
Task: {91D524EE-9077-4761-975C-F775CF520527} - System32\Tasks\Yahoo! Powered titil => Wscript.exe "C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}\fida.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b31354643443039462d394642452d354135392d313937382d4334314238333341344644357d5c736f73696e65" "433a5c50726f6772616d446174615c7b31354643443039462d394642452d354135392d313937 (the data entry has 78 more characters).
Task: {9202DF34-0627-413B-91A9-C8B832C0614D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {9BF53C32-EF99-483A-A86F-6D6339449C5C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-24] (Dropbox, Inc.)
Task: {9FE0C662-EC4D-4337-956E-D2D8D9D9611C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A0657C43-F94A-4BC2-955A-117A5C794F88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {A13B28F8-3B42-4ACF-A5F0-50CDEAE3DDD7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {A1580564-1F07-4BCD-8857-4ADD74F740CA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-09] (Microsoft Corporation)
Task: {A552F717-28D5-417E-803B-5A6A665962E5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {AAE89895-09FC-4157-ADCC-A56DEE0208FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AB1D7B70-EC74-4857-B665-1E96CE3CAB3C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BACAC453-F3E5-4E12-9A10-D06859A77284} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BD6587E1-6C00-43CF-AE26-2C566840B25A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C3F7F06D-122C-4432-9860-456307EE1654} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C6C90145-78CC-44F2-A9F0-5B2405EA6529} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {CCC9982E-CFB8-40D5-8652-28ACB06F659F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CDB926C5-89CC-4FDD-990D-001F724C8241} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)
Task: {CDFCFD3D-9A5A-40EC-BCB3-74D0035B9C3A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D173AE98-7ED6-4FC9-8A51-EE21880991E4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E0661C59-570F-4F42-B9BF-BE95EFD26296} - System32\Tasks\AdobeAAMUpdater-1.0-HENRY-PC-HENRY => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {E067DAAE-FF42-4144-8DB4-EA0E97BD33DF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E1FFC7BC-FEE4-4630-B3ED-E12383FEFC42} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E21A630B-EBCB-4157-A305-E5D9AB6F2DAE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {E5E5E067-7DD3-426C-9243-A5E2DC18833B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-25] (Microsoft Corporation)
Task: {E7FEA7B0-9BAA-4A9A-BEC6-8DB544702878} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-09] (Microsoft Corporation)
Task: {EE1F73FD-079D-4350-94A2-6763D198CC52} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F08BAD19-97FC-44D2-A491-3F0777A4F409} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-25] (Microsoft Corporation)
Task: {F35C4863-004D-46C0-BD5D-B4BA662B55CE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {F46DD5EE-16DD-4DC6-B9EA-2F897CACCE78} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F7C30E5B-FC85-44DC-B899-A40E92F8F681} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {FB1668FE-C138-4853-A1C9-45DD0317ED57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FBDC4AFF-2550-44D8-A1C8-00B01CDE71A4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {FFD2F104-E0AD-4E36-92E9-DF54E65B9961} - System32\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF} => C:\Users\Eva\AppData\Roaming\{7CE34~1\SyncTask.exe [2013-04-25] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Yahoo! Powered titil.job => Wscript.exe C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}\fida.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job => C:\Users\Eva\AppData\Roaming\{7CE34~1\SyncTask.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-01-18 18:22 - 2012-08-31 16:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-01-18 18:23 - 2012-08-31 16:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-01-18 18:23 - 2012-08-31 16:03 - 03034112 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100su.dll
2015-01-18 18:23 - 2012-08-31 16:02 - 01038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2013-09-19 14:15 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-07-24 21:31 - 2013-04-01 20:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2016-07-24 21:33 - 2012-08-14 06:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-20 04:03 - 2015-08-06 17:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-13 12:13 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 12:13 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-13 11:06 - 2016-07-13 11:06 - 00959168 _____ () C:\Users\Eva\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:15 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-24 22:11 - 2016-07-19 16:14 - 00075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2016-07-13 12:13 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:13 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:13 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:13 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-07-13 11:05 - 2016-07-13 11:05 - 00679624 _____ () C:\Users\Eva\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2013-09-19 14:15 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-12-11 12:47 - 2016-06-29 19:25 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-05 10:43 - 2016-06-29 19:25 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-05 10:43 - 2016-06-29 19:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-05 10:43 - 2016-06-29 19:25 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 12:47 - 2016-06-29 19:25 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 12:47 - 2016-06-29 19:25 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 12:47 - 2016-08-01 14:27 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 12:47 - 2016-06-29 19:25 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 12:47 - 2016-06-29 19:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 10:43 - 2016-06-29 19:25 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-05 10:43 - 2016-06-29 19:27 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 12:47 - 2016-08-01 14:27 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-17 19:00 - 2016-08-01 14:27 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-17 19:00 - 2016-08-01 14:27 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-17 19:00 - 2016-08-01 14:27 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2015-12-11 12:47 - 2016-06-29 19:25 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-05 10:44 - 2016-06-29 19:26 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 12:47 - 2016-08-01 14:27 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-17 19:00 - 2016-08-01 14:27 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-05 10:43 - 2016-06-29 19:28 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-05 10:43 - 2016-08-01 14:27 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-08-05 10:43 - 2016-08-01 14:17 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-08-05 10:43 - 2016-08-01 14:27 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-05 10:43 - 2016-08-01 14:27 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 12:47 - 2016-06-29 19:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-14 12:14 - 2016-08-01 14:27 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-08-08 17:47 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 17:47 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-07-20 12:44 - 2016-08-09 19:25 - 03544768 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Eva\AppData\Local\Microsoft\BingDesktop\themes\2016-08-15.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{5D814BAC-D53D-4FAF-8C4C-9D203CAD519D}C:\users\eva\appdata\roaming\vseeinstall\vsee.exe] => (Block) C:\users\eva\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{9BF74457-85DB-41D2-9C67-B5DBA8330203}C:\users\eva\appdata\roaming\vseeinstall\vsee.exe] => (Block) C:\users\eva\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{82CCEE7C-1B5D-4E37-990A-DDB7F3BF6710}C:\users\eva\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\eva\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{F6568CD4-4F95-42EA-876C-9E63CC74A88C}C:\users\eva\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\eva\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [{ACE00E50-DB54-4A74-BD7D-A7FB4E38A7E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{44ADFD9F-E3B4-4CC6-9EB5-719CA0EB7E7F}C:\users\eva\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eva\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A4C77C42-8957-451D-83C6-03E469EB1E9F}C:\users\eva\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eva\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{358FD747-8D64-4067-AD59-69F542DBB8DB}C:\users\eva\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eva\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63B5D9A2-9F91-411E-891F-7BBC8E48C87B}C:\users\eva\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eva\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A82793CE-85A5-425F-AA58-1E636E91C2CC}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{5490EC45-AFCB-4AD2-992B-8C4306553AA5}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{69CB3AB8-52CF-4334-9B42-636CA8072055}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{4C1C6C5C-A5E7-4A88-9C0C-75746AAACACE}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{C5BD2138-06AC-41D5-A310-F4CD87781FDC}] => (Allow) LPort=54925
FirewallRules: [{1229D260-1B25-4E67-AC14-C97F17E6CFA2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CB13356B-6CF6-4E31-8ADD-99A65E962B2C}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{5460EBD7-9EA3-42B1-8EB8-C171B8BC532E}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{DB1243FF-20EB-46DF-9177-1EF64AE80E2E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C0A90C95-81E3-44D7-B9C2-D25E3260E332}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{02BA34D3-FF95-46F5-80C7-C721D8CDB317}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{3BB2C343-BDC0-4667-8704-D81D3E8E86DC}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{139170B4-2FEB-4433-B882-6EA5D3F00A11}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{400AA3C6-2737-4B6F-B024-A01EAD8D3F4C}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{12F5A4CE-B802-425F-B8F6-D3980CE4573C}C:\program files (x86)\caribou software\loggers edge\harvboss_xshld4.exe] => (Allow) C:\program files (x86)\caribou software\loggers edge\harvboss_xshld4.exe
FirewallRules: [UDP Query User{956D900D-8EF7-48D1-959B-C45F761ED9DC}C:\program files (x86)\caribou software\loggers edge\harvboss_xshld4.exe] => (Allow) C:\program files (x86)\caribou software\loggers edge\harvboss_xshld4.exe
FirewallRules: [{A926DE7A-9088-4DEC-ABAE-A58C19F2367C}] => (Allow) C:\Users\Eva\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{AD0A225B-E5F8-4C13-B432-3EEA1353C29D}C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{08CFE05A-5876-4D82-B8A9-9DF8D8137033}C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{514F34FE-B756-43D5-8451-35EC6963235D}] => (Allow) C:\Users\Eva\AppData\Local\Temp\7zS1E06\ProductInst64.exe
FirewallRules: [{69DB8891-1957-4BE6-AF2A-3EDA02CB8C3D}] => (Allow) C:\Users\Eva\AppData\Local\Temp\7zS1E06\ProductInst64.exe
FirewallRules: [{A4A71837-C2B0-4569-A92B-F55D24AC615A}] => (Allow) LPort=9100
FirewallRules: [{99C8C28E-12FE-4866-AC82-8ABE5B7DA5B0}] => (Allow) LPort=427
FirewallRules: [{1563F330-3941-48D7-BF6A-BC0D15D63184}] => (Allow) LPort=161
FirewallRules: [{F3EDEA11-574C-40DA-A69C-B1F1BFB5025E}] => (Allow) LPort=427
FirewallRules: [{190581B1-8B49-451A-B459-9D2E26D8E358}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01A0AF62-52B5-45EA-B762-DBAAC63C01D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCE7CC62-C4C4-4DC6-9BA5-3EC58AB6F8A8}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{3FA1AC9F-705E-45C5-BD69-1F6D95550264}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{4F5F9C0E-C0CA-4238-9E3E-8DC72F928F36}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{59AE7BCF-BEEB-495B-9B32-7A3082F2A90F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{BB6E4373-C297-4F36-AA98-E5B0A69BBDCD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{85E36D9A-85E8-48D2-BD70-AB6B44A1B95F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{36EF34D0-8EF9-413C-B040-6066E2428FC4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{6DEBE460-DE1A-46AA-BB6E-7EE23FA99C68}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{3EE415E9-BE0D-4886-97BC-D0194AD72992}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1F0264FD-517A-4EB5-AEF5-88AA95274CB0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
24-07-2016 19:41:41 Scheduled Checkpoint
02-08-2016 01:00:42 Scheduled Checkpoint
09-08-2016 20:43:27 Windows Update
09-08-2016 20:44:51 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/15/2016 06:40:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BingDesktop.exe version 1.4.167.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2b98
Start Time: 01d1f75dd201d75e
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
Report Id: 5862522a-6352-11e6-9c2e-1c6f65c63558
Faulting package full name:
Faulting package-relative application ID:
Error: (08/14/2016 03:08:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/13/2016 04:34:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/13/2016 04:19:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/13/2016 04:04:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/13/2016 03:49:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/13/2016 03:49:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/13/2016 03:23:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/12/2016 04:28:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/09/2016 08:45:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (08/15/2016 12:13:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_80b089 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/14/2016 03:08:55 AM) (Source: DCOM) (EventID: 10010) (User: HENRY-PC)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca
Error: (08/14/2016 03:08:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_53dde service to connect.
Error: (08/14/2016 03:08:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_53dde service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/14/2016 02:12:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
Error: (08/14/2016 02:12:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
Error: (08/14/2016 02:12:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/14/2016 02:12:13 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126
Error: (08/14/2016 02:12:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:29:06 PM on 8/13/2016 was unexpected.
Error: (08/13/2016 04:40:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}
CodeIntegrity:
===================================
Date: 2016-08-15 18:48:46.070
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:48:46.060
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:48:46.048
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:48:46.021
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:48:46.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:48:45.988
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:41:56.750
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:41:56.740
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:41:56.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-15 18:41:56.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 20%
Total physical RAM: 16367.11 MB
Available physical RAM: 12934.71 MB
Total Virtual: 32751.11 MB
Available Virtual: 29139.2 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1396.73 GB) (Free:1165.08 GB) NTFS
Drive f: (WDBlack) (Fixed) (Total:931.51 GB) (Free:659.49 GB) NTFS
Drive g: (Program Files) (Fixed) (Total:232.88 GB) (Free:187.62 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: A9E10684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1396.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 394A2742)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 394A2743)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=42)
==================== End of Addition.txt ============================